
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1579344
MD5: f82416bcf25171ccfda8e9325c3a92dc
SHA1: 9db33361a9cb34b352a9fe17ea06a659b247bbbc
SHA256: 3d8bd5d204ef586f2958455a4f57cd493580978c83c34759839dcdd5e4d9f120
Tags: exe, user-Bitsight

Detection

LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Yara detected Amadeys Clipper DLL
Yara detected Amadeys stealer DLL
Yara detected Credential Flusher
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Contains functionality to inject code into remote processes
Creates multiple autostart registry keys
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Drops PE files with a suspicious file extension
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: New RUN Key Pointing to Suspicious Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 4140 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F82416BCF25171CCFDA8E9325C3A92DC)
    • skotes.exe (PID: 1976 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: F82416BCF25171CCFDA8E9325C3A92DC)
  • skotes.exe (PID: 2696 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: F82416BCF25171CCFDA8E9325C3A92DC)
  • skotes.exe (PID: 6592 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: F82416BCF25171CCFDA8E9325C3A92DC)
    • EUCyhuW.exe (PID: 6496 cmdline: "C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe" MD5: D6D3AB7208760962B95BE3EEB224C1AC)
      • conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • EUCyhuW.exe (PID: 344 cmdline: "C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe" MD5: D6D3AB7208760962B95BE3EEB224C1AC)
      • WerFault.exe (PID: 2504 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 304 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • SurveillanceWalls.exe (PID: 1396 cmdline: "C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe" MD5: 5A909C9769920208ED3D4D7279F08DE5)
      • cmd.exe (PID: 7032 cmdline: "C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 5540 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
        • findstr.exe (PID: 5436 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • tasklist.exe (PID: 2876 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
        • findstr.exe (PID: 2252 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • cmd.exe (PID: 6136 cmdline: cmd /c md 370821 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • findstr.exe (PID: 4456 cmdline: findstr /V "Anchor" Veterinary MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • cmd.exe (PID: 6664 cmdline: cmd /c copy /b ..\Genre + ..\Mj + ..\Discs + ..\Receiving + ..\Mysterious + ..\Aka w MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • Sale.com (PID: 4748 cmdline: Sale.com w MD5: 62D09F076E6E0240548C2F837536A46A)
        • choice.exe (PID: 5012 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
    • hYW0tgm.exe (PID: 4744 cmdline: "C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe" MD5: B251CF9E14AA07B1A2E506AD4EE0028C)
    • 17ce3a84e4.exe (PID: 3452 cmdline: "C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe" MD5: 87330F1877C33A5A6203C49075223B16)
    • 412ec13ac5.exe (PID: 5804 cmdline: "C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe" MD5: AFD936E441BF5CBDB858E96833CC6ED3)
      • conhost.exe (PID: 5808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • 412ec13ac5.exe (PID: 4788 cmdline: "C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe" MD5: AFD936E441BF5CBDB858E96833CC6ED3)
    • 580c9354ec.exe (PID: 6008 cmdline: "C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe" MD5: 26F1B241A64F088FA3113C4587F12D50)
    • 9f6ea82062.exe (PID: 932 cmdline: "C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe" MD5: C4B3E529888B95D857AB1B2E80B1521E)
      • chrome.exe (PID: 4224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 5728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1916,i,5817995298996924960,10670888794113214286,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • 51ecf08926.exe (PID: 1844 cmdline: "C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe" MD5: 3D0A0F60AC258C89AFDFD9F471DBF8F7)
      • taskkill.exe (PID: 3780 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 5284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6136 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1272 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 64 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5688 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1672 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • firefox.exe (PID: 3280 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • 5936bfa4af.exe (PID: 6812 cmdline: "C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe" MD5: F2F8D2D15D376C6CD78647595E4328CA)
  • 9f6ea82062.exe (PID: 3940 cmdline: "C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe" MD5: C4B3E529888B95D857AB1B2E80B1521E)
  • 51ecf08926.exe (PID: 3208 cmdline: "C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe" MD5: 3D0A0F60AC258C89AFDFD9F471DBF8F7)
  • firefox.exe (PID: 5748 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 4440 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
Stealc | Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development relied on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Vidar | Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
{"C2 url": ["energyaffai.lat", "sustainskelet.lat", "crosshuaht.lat", "grannyejh.lat", "bellflamre.click", "discokeyus.lat", "aspecteirs.lat", "rapeflowwj.lat", "necklacebudi.lat"], "Build id": "LPnhqo--pndzrnkjnmnw"}
{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Temp\1019602001\647da3efc5.exe | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |

Source | Rule | Description | Author | Strings
0000001E.00000003.3598848162.0000000001138000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000001F.00000003.3614760975.00000000011AA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000001F.00000003.3572256199.00000000011AA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000001E.00000003.3466744227.0000000001176000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Source | Rule | Description | Author | Strings
9.2.EUCyhuW.exe.400000.1.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
9.2.EUCyhuW.exe.400000.1.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.2.file.exe.eb0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
2.2.skotes.exe.6c0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
3.2.skotes.exe.6c0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

System Summary

Source: Registry Key set | Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing | Data: Details: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 6592, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\580c9354ec.exe
Source: Process started | Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe, ParentProcessId: 932, ParentProcessName: 9f6ea82062.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 4224, ProcessName: chrome.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 6592, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\580c9354ec.exe

HIPS / PFW / Operating System Protection Evasion

Source: Process started | Author: Joe Security | Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7032, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 2252, ProcessName: findstr.exe
No Suricata rule has matched


AV Detection

Source: file.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp | Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["energyaffai.lat", "sustainskelet.lat", "crosshuaht.lat", "grannyejh.lat", "bellflamre.click", "discokeyus.lat", "aspecteirs.lat", "rapeflowwj.lat", "necklacebudi.lat"], "Build id": "LPnhqo--pndzrnkjnmnw"}
Source: 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe | ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[3].exe | ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe | ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[3].exe | ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe | ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\1019601001\a53907268b.exe | ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1019602001\647da3efc5.exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\1019603001\d0c6b9d6b8.exe | ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Temp\1019604001\0c0e50df68.exe | ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | ReversingLabs: Detection: 55%
Source: file.exe | Virustotal: Detection: 58%
Source: file.exe | ReversingLabs: Detection: 55%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.0% probability
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\hYW0tgm[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\EUCyhuW[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[3].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | Joe Sandbox ML: detected
Source: file.exe | Joe Sandbox ML: detected
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: rapeflowwj.lat
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: crosshuaht.lat
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: sustainskelet.lat
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: aspecteirs.lat
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: energyaffai.lat
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: necklacebudi.lat
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: discokeyus.lat
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: grannyejh.lat
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: bellflamre.click
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: LPnhqo--pndzrnkjnmnw
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_00417496 CryptUnprotectData, 9_2_00417496
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: mozglue.pdbP source: 9f6ea82062.exe, 00000020.00000002.4069578254.000000006C0DD000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: nss3.pdb@ source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewTextV2.pdb source: skotes.exe, 00000006.00000003.4278061535.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4281279423.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewTextV2.pdbdj~j pj_CorExeMainmscoree.dll source: skotes.exe, 00000006.00000003.4278061535.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4281279423.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 5936bfa4af.exe, 0000002C.00000002.3621203518.0000000000192000.00000040.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Admin\Workspace\1766103906\Project\Release\Project.pdb source: 17ce3a84e4.exe, 0000001B.00000003.4436703085.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000000.3007120509.00000000005EC000.00000002.00000001.01000000.0000000F.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4512003521.00000000005EC000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: mozglue.pdb source: 9f6ea82062.exe, 00000020.00000002.4069578254.000000006C0DD000.00000002.00000001.01000000.0000001E.sdmp
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Directory queried: number of queries: 1001
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Directory queried: number of queries: 1001
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 7_2_00386304 FindFirstFileExW, 7_2_00386304
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 7_2_003863B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose, 7_2_003863B5
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_00386304 FindFirstFileExW, 9_2_00386304
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_003863B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose, 9_2_003863B5
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\370821
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\370821\
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov edx, ecx | 9_2_0043D0F0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 71B3F069h | 9_2_0043D0F0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov esi, eax | 9_2_0042A95E
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_0042A95E
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ecx, eax | 9_2_00439170
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+edi+5602E8D9h] | 9_2_0040C1BE
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx-0EAF77CFh] | 9_2_0042B299
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 2DA07A80h | 9_2_0043D330
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ebx, edx | 9_2_00436460
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h | 9_2_00417496
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx+042DD56Dh] | 9_2_0043B4A3
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax] | 9_2_00421DC5
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 9_2_0043D580
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 5D0AA591h | 9_2_0043B6EA
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ecx, edx | 9_2_0043D690
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ecx, eax | 9_2_0040A800
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], 12BAC918h | 9_2_0041780D
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], E785F9BAh9_2_00418810
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h9_2_004398D0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov edx, ecx | 9_2_004398D0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then jmp dword ptr [004436A4h] | 9_2_004158F0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx-4B2E9D9Fh] | 9_2_004288FA
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ebx, eax | 9_2_004058B0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ebp, eax | 9_2_004058B0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ecx, eax | 9_2_0043D900
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 9_2_004331E0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-29h] | 9_2_00409190
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov esi, edx | 9_2_00424A40
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov esi, eax | 9_2_0042A959
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_0042A959
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+24h] | 9_2_0042826A
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000B4h] | 9_2_00421221
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx ebp, byte ptr [esp+edi+0Ch] | 9_2_004082E0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov word ptr [eax], cx | 9_2_004152EC
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx esi, byte ptr [eax] | 9_2_00429A80
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov edx, ecx | 9_2_0043BAB1
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 9_2_0041CB00
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov byte ptr [edi], cl | 9_2_0042C31E
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then call dword ptr [00440DA8h] | 9_2_0040CBF6
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], C7235EAFh | 9_2_0043D460
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+28h] | 9_2_00407410
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 9_2_00407410
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ecx, eax | 9_2_004254C0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp al, 2Eh | 9_2_004254E0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov byte ptr [edx], al | 9_2_004254E0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-466F3075h] | 9_2_004254E0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], E785F9BAh | 9_2_00413CF0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx edx, byte ptr [esi+ecx+60h] | 9_2_0040ACB0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 9_2_00428D20
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov byte ptr [esi], al | 9_2_00429DE3
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then add ecx, FFFFFFFEh | 9_2_00436DF0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov ecx, eax | 9_2_00409580
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx eax, byte ptr [esp+ebp+458F1EF1h] | 9_2_00409580
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then jmp ecx | 9_2_00426D90
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx edx, byte ptr [eax] | 9_2_00426D90
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax-7B590292h] | 9_2_0041FE5F
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx-4B2E9DB5h] | 9_2_00427660
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000ABh] | 9_2_00414E1A
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx+0Eh] | 9_2_00427EC0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx ebp, byte ptr [esp+esi-14h] | 9_2_00435F70
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx+0Eh] | 9_2_00427726
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 4x nop then mov byte ptr [ecx], al | 9_2_0040C7AC
Source: firefox.exe | Memory has grown: Private usage: 1MB later: 179MB

Networking

Source: Malware configuration extractor | URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor | URLs: energyaffai.lat
Source: Malware configuration extractor | URLs: sustainskelet.lat
Source: Malware configuration extractor | URLs: crosshuaht.lat
Source: Malware configuration extractor | URLs: grannyejh.lat
Source: Malware configuration extractor | URLs: bellflamre.click
Source: Malware configuration extractor | URLs: discokeyus.lat
Source: Malware configuration extractor | URLs: aspecteirs.lat
Source: Malware configuration extractor | URLs: rapeflowwj.lat
Source: Malware configuration extractor | URLs: necklacebudi.lat
Source: Malware configuration extractor | IPs: 185.215.113.43
Source: Joe Sandbox View | IP Address: 185.215.113.43 | 185.215.113.43
Source: Joe Sandbox View | IP Address: 104.21.21.99 | 104.21.21.99
Source: Joe Sandbox View | IP Address: 1.1.1.1 | 1.1.1.1
Source: Joe Sandbox View | ASN Name: WHOLESALECONNECTIONSNL | WHOLESALECONNECTIONSNL
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EBE0C0 recv,recv,recv,recv, | 0_2_00EBE0C0
Source: 580c9354ec.exe, 0000001F.00000003.4358124840.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/
Source: 580c9354ec.exe, 0000001F.00000003.4347342206.0000000001215000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.4360295909.00000000059D2000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.4358124840.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/off/def.exe
Source: 580c9354ec.exe, 0000001F.00000003.4347342206.0000000001215000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.4358124840.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/off/def.exe?
Source: 580c9354ec.exe, 0000001F.00000003.4358124840.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp, 9f6ea82062.exe, 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206
Source: 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll.
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllConneb
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllllj
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllg
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dllF
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/9
Source: 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/Local
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/a
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php34
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php8
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php;
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpBrowser
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpP5
Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpation
Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpe13b062b4c5e95f4989d6bd1e553
Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpinit.exe
Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpl
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpo
Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206/e
Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | String found in binary or memory: http://185.215.113.206/form-data;
Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | String found in binary or memory: http://185.215.113.206FCG
Source: 9f6ea82062.exe, 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.206b
Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | String found in binary or memory: http://185.215.113.206c4becf79229cb002.phpion:
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php8001
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: 17ce3a84e4.exe, 0000001B.00000003.4498901768.000000000152C000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4524131042.000000000152C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.mw
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: SurveillanceWalls.exe, 0000000E.00000002.2860938966.0000000000409000.00000002.00000001.01000000.0000000B.sdmp, SurveillanceWalls.exe, 0000000E.00000000.2852400591.0000000000409000.00000002.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.sectigo.com0
Source: SurveillanceWalls.exe, 0000000E.00000002.2860963000.0000000000420000.00000004.00000001.01000000.0000000B.sdmp, Sale.com, 00000018.00000000.2879703042.0000000000855000.00000002.00000001.01000000.0000000D.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: 580c9354ec.exe, 0000001F.00000003.3614760975.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3572256199.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3870761939.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3803442222.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3927069843.00000000011AA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.microsoft.x
Source: 9f6ea82062.exe, 00000020.00000002.4069578254.000000006C0DD000.00000002.00000001.01000000.0000001E.sdmp | String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4066981270.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                          Source: EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                          Source: 580c9354ec.exe, 0000001F.00000003.4358124840.0000000001215000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3797185380.0000000001213000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/
                          Source: EUCyhuW.exe, 00000009.00000002.3138189518.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093948172.0000000000EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/%
                          Source: EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/(
                          Source: 580c9354ec.exe, 0000001F.00000003.3535631558.0000000005A4E000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3535225334.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/-
                          Source: EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/.
                          Source: EUCyhuW.exe, 00000009.00000003.2852327758.0000000003784000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852015292.0000000003784000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2888145590.0000000003784000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852833290.0000000003784000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/90BH
                          Source: EUCyhuW.exe, 00000009.00000003.2828355789.0000000003773000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/JJFf
                          Source: EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/Q
                          Source: EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/V
                          Source: EUCyhuW.exe, 00000009.00000003.2851829493.0000000003787000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093424754.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E69000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852265070.000000000378A000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852327758.0000000003773000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000002.3138189518.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2913644011.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000002.3138169097.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2913722505.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2878424864.0000000003791000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093424754.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093948172.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2877959925.0000000003791000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852015292.0000000003773000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2930693716.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2913252442.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852833290.0000000003773000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 
0000001F.00000003.3694965286.0000000001225000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3614760975.00000000011AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/api
                          Source: 580c9354ec.exe, 0000001F.00000003.3694965286.0000000001225000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3684252207.0000000001225000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3763354814.0000000001224000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3669275426.0000000001224000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/api/
                          Source: EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/apiH
                          Source: EUCyhuW.exe, 00000009.00000003.3093424754.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000002.3138189518.0000000000F03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/apiLb
                          Source: 580c9354ec.exe, 0000001F.00000003.3927069843.00000000011AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/apij
                          Source: EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discokeyus.lat/apis
                          Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fieldhitty.click/
                          Source: 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fieldhitty.click/api
                          Source: 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fieldhitty.click/api&
                          Source: 17ce3a84e4.exe, 0000001B.00000003.4488835946.00000000014C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fieldhitty.click/api9
                          Source: 17ce3a84e4.exe, 0000001B.00000002.4522542200.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4488835946.00000000014BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fieldhitty.click/apii
                          Source: 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fieldhitty.click/c
                          Source: 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fieldhitty.click:443/api
                          Source: skotes.exe, 00000006.00000003.4278061535.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4281279423.0000000005BB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com
                          Source: skotes.exe, 00000006.00000003.4278061535.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4281279423.0000000005BB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Urijas/moperats/raw/refs/heads/main/biyjdfjadaw.exe
                          Source: 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                          Source: 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3373433430.00000000038FE000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3622898084.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3298472752.00000000038E9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3551750660.000000000117D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3412770399.0000000003905000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3592146204.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3657261192.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3412261797.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3298172128.00000000038E9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3658768402.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3374828427.0000000003905000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3593252563.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548292393.0000000001176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/
                          Source: 412ec13ac5.exe, 0000001E.00000003.3179102375.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/.
                          Source: 412ec13ac5.exe, 0000001E.00000003.3207422516.0000000001138000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/2
                          Source: 412ec13ac5.exe, 0000001E.00000003.3207422516.0000000001138000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/M
                          Source: 412ec13ac5.exe, 0000001E.00000003.3375729196.0000000003907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/P
                          Source: 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3589106795.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3298372606.0000000001196000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3467586885.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3658768402.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548508878.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3593252563.000000000111D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api
                          Source: 412ec13ac5.exe, 0000001E.00000003.3632525311.0000000001139000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3622898084.0000000001139000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3658232025.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api$
                          Source: 412ec13ac5.exe, 0000001E.00000003.3207422516.0000000001138000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api-
                          Source: 412ec13ac5.exe, 0000001E.00000002.3659052898.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000118F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apiDV
                          Source: 412ec13ac5.exe, 0000001E.00000002.3659052898.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000118F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apiIV
                          Source: 412ec13ac5.exe, 0000001E.00000003.3551750660.000000000117D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3592146204.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548292393.0000000001176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/pi
                          Source: 412ec13ac5.exe, 0000001E.00000003.3438661334.000000000390E000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3596871072.000000000390E000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3452315135.000000000390E000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3480531158.000000000390E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click:443/api
                          Source: 412ec13ac5.exe, 0000001E.00000003.3412770399.000000000390E000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548818763.000000000390E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click:443/api(
                          Source: skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                          Source: 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: 580c9354ec.exe, 0000001F.00000003.3627062430.00000000060B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                          Source: 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
                          Source: EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                          Source: EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                          Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000AD4000.00000040.00000001.01000000.00000012.sdmp, 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.mozilla.org/about/
                          Source: 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.mozilla.org/about/t.exe
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000AD4000.00000040.00000001.01000000.00000012.sdmp, 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                          Source: 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000AD4000.00000040.00000001.01000000.00000012.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                          Source: EUCyhuW.exe, 00000009.00000003.2855580387.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3382726374.0000000003B9D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3627062430.00000000060B2000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                          Source: 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: EUCyhuW.exe, 00000009.00000003.2855580387.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3382726374.0000000003B9D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3627062430.00000000060B2000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000AD4000.00000040.00000001.01000000.00000012.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
                          Source: EUCyhuW.exe, 00000009.00000003.2855580387.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3382726374.0000000003B9D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3627062430.00000000060B2000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                          Source: firefox.exe, 00000031.00000002.3493824464.000001D0EF6B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3494265817.000001D0F10A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.3492499042.000001D0EF6CD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3493939340.000001D0EF6D2000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000032.00000003.3804628103.000000000177B000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000032.00000003.3808584450.000000000177B000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000032.00000003.3727043148.0000000001577000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000032.00000003.3830810642.000000000177B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                          Source: firefox.exe, 00000031.00000002.3493824464.000001D0EF6BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
                          Source: 51ecf08926.exe, 00000021.00000003.3535624044.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3527139592.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3405370218.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3581429163.00000000016F2000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3587715027.00000000016F4000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3490233583.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000002.3629103561.00000000016FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdQ
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00431160 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00431705 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt

                          System Summary

                          Source: 51ecf08926.exe, 00000021.00000000.3354831484.00000000004A2000.00000002.00000001.01000000.00000013.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_1d007e67-1
                          Source: 51ecf08926.exe, 00000021.00000000.3354831484.00000000004A2000.00000002.00000001.01000000.00000013.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_6610fd3f-6
                          Source: 51ecf08926.exe, 00000032.00000000.3491748335.00000000004A2000.00000002.00000001.01000000.00000013.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_01ad68a9-e
                          Source: 51ecf08926.exe, 00000032.00000000.3491748335.00000000004A2000.00000002.00000001.01000000.00000013.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_dc7d74f3-7
                          Source: file.exe Static PE information: section name:
                          Source: file.exe Static PE information: section name: .idata
                          Source: skotes.exe.0.dr Static PE information: section name:
                          Source: skotes.exe.0.dr Static PE information: section name: .idata
                          Source: random[1].exe1.6.dr Static PE information: section name:
                          Source: random[1].exe1.6.dr Static PE information: section name: .idata
                          Source: random[1].exe1.6.dr Static PE information: section name:
                          Source: 580c9354ec.exe.6.dr Static PE information: section name:
                          Source: 580c9354ec.exe.6.dr Static PE information: section name: .idata
                          Source: 580c9354ec.exe.6.dr Static PE information: section name:
                          Source: random[1].exe2.6.dr Static PE information: section name:
                          Source: random[1].exe2.6.dr Static PE information: section name: .idata
                          Source: 9f6ea82062.exe.6.dr Static PE information: section name:
                          Source: 9f6ea82062.exe.6.dr Static PE information: section name: .idata
                          Source: random[2].exe0.6.dr Static PE information: section name:
                          Source: random[2].exe0.6.dr Static PE information: section name: .idata
                          Source: 5936bfa4af.exe.6.dr Static PE information: section name:
                          Source: 5936bfa4af.exe.6.dr Static PE information: section name: .idata
                          Source: random[2].exe2.6.dr Static PE information: section name:
                          Source: random[2].exe2.6.dr Static PE information: section name: .idata
                          Source: random[2].exe2.6.dr Static PE information: section name:
                          Source: a53907268b.exe.6.dr Static PE information: section name:
                          Source: a53907268b.exe.6.dr Static PE information: section name: .idata
                          Source: a53907268b.exe.6.dr Static PE information: section name:
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process Stats: CPU usage > 49%
                          Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe Process Stats: CPU usage > 49%
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\skotes.job
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe File created: C:\Windows\KrugerPowers
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe File created: C:\Windows\GradVitamins
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe File created: C:\Windows\ScienceCom
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe File created: C:\Windows\FarmingDesignation
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe File created: C:\Windows\OmissionsEmerald
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe File created: C:\Windows\BaconTicket
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe File created: C:\Windows\RenewableProgramme
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe File created: C:\Windows\SodiumLegend
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF78BB
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF8860
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF7049
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF31A8
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC7B6E
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB4B30
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EB4DE0
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF2D10
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF779B
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE7F36
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_00708860
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_00707049
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_007078BB
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_007031A8
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_006C4B30
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_00702D10
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_006C4DE0
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_006F7F36
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_0070779B
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_00708860
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_00707049
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_007078BB
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_007031A8
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_006C4B30
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_00702D10
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_006C4DE0
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_006F7F36
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_0070779B
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00361000
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00378741
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_0037E930
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_0038BA42
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00379B40
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00389C73
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00373CDF
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00361000
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00378741
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0037E930
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0038BA42
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00379B40
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00389C73
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00373CDF
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00436080
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0042A95E
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00439170
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004251C0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0042B299
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0042BA99
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00436460
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041042D
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0040D4C5
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00417496
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043B4A3
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00421DC5
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043B6EA
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043D690
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043DF40
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043AF5D
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00408760
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041FF00
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00435870
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0040A800
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041780D
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00418810
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004038D0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004398D0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004088E0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004058B0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043D900
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00435124
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00409190
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041C190
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004061A0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004089B0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00424A40
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00419A60
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0042A959
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00433A00
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00421221
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004272D2
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00420AD0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00435AD0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00404280
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00416292
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0042DB62
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041CB00
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00415B32
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043CB30
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00404BC0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004263C7
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0040EBCD
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043DBE0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0040CC41
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0042D46A
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00407410
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004254C0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00430CC0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00416CD2
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004254E0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00413CF0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043C4A0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0040ACB0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0042656B
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00423D32
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004395E0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00436DF0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00409580
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00426D90
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043C590
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041C5A0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00405E00
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0040F617
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00406630
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00427EC0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00402ED0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_004246E0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00408E90
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041AE90
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043C690
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00417E95
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041BEA0
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00419760
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00414770
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0041DF70
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0042EF10
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00430F10
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00410F14
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043471B
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00427726
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043C730
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043C7C0
                          Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 00EC80C0 appears 130 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 006DDF80 appears 36 times
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeCode function: String function: 006D80C0 appears 260 times
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: String function: 003814C4 appears 34 times
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: String function: 0037D05E appears 42 times
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: String function: 00413CE0 appears 73 times
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: String function: 003741E0 appears 94 times
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: String function: 00407FD0 appears 48 times
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 304
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: EUCyhuW[1].exe.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003407005613125
                          Source: EUCyhuW.exe.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003407005613125
                          Source: random[1].exe0.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                          Source: random[1].exe0.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                          Source: 412ec13ac5.exe.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                          Source: 412ec13ac5.exe.6.drStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                          Source: random[1].exe1.6.drStatic PE information: Section: ZLIB complexity 0.9973980629280822
                          Source: random[1].exe1.6.drStatic PE information: Section: gysvhwxe ZLIB complexity 0.9946611807036247
                          Source: 580c9354ec.exe.6.drStatic PE information: Section: ZLIB complexity 0.9973980629280822
                          Source: 580c9354ec.exe.6.drStatic PE information: Section: gysvhwxe ZLIB complexity 0.9946611807036247
                          Source: random[2].exe2.6.drStatic PE information: Section: ZLIB complexity 0.9974582619863014
                          Source: random[2].exe2.6.drStatic PE information: Section: wekcazbo ZLIB complexity 0.9943740803274977
                          Source: a53907268b.exe.6.drStatic PE information: Section: ZLIB complexity 0.9974582619863014
                          Source: a53907268b.exe.6.drStatic PE information: Section: wekcazbo ZLIB complexity 0.9943740803274977
                          Source: random[2].exe0.6.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                          Source: 5936bfa4af.exe.6.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@114/80@0/21
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_00436460 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,9_2_00436460
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\EUCyhuW[1].exe
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5284:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6496
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6364:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5808:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:64:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6716:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6308:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6304:120:WilError_03
Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\abc3bc1985
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | System information queried: HandleInformation
Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp, 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp, 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp, 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp, 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp, 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp, 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: EUCyhuW.exe, 00000009.00000003.2805649505.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805476460.0000000003716000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3342590857.0000000003912000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250195439.0000000003897000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3333980226.000000000387F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250778707.000000000387A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3488469343.00000000059F8000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3492015539.00000000059DD000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3678574025.000000000563C000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3530217719.0000000005648000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: 9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4065557935.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: file.exe | Virustotal: Detection: 58%
Source: file.exe | ReversingLabs: Detection: 55%
Source: file.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe "C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe"
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Process created: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe "C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe"
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 304
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe "C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe"
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 370821
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Anchor" Veterinary
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Genre + ..\Mj + ..\Discs + ..\Receiving + ..\Mysterious + ..\Aka w
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\370821\Sale.com Sale.com w
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe "C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe "C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe "C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe"
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Process created: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe "C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe "C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe "C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe "C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe"
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe "C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe"
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1916,i,5817995298996924960,10670888794113214286,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe "C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe"
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe "C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe"
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe "C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe "C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe "C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe "C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe "C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe "C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe "C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe "C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe "C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Process created: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe "C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe"
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 370821
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Anchor" Veterinary
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Genre + ..\Mj + ..\Discs + ..\Receiving + ..\Mysterious + ..\Aka w
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\370821\Sale.com Sale.com w
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Process created: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe "C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe"
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1916,i,5817995298996924960,10670888794113214286,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
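The process tree above contains three behaviours worth turning into process-creation rules: the dropped batch script under SurveillanceWalls.exe runs tasklist | findstr against security-product process names (opssvc, wrsa, AvastUI, AVGUI, bdservicehost, nsWscSvc, ekrn, SophosHealth) and then rebuilds its payload with copy /b before running it as Sale.com; 9f6ea82062.exe launches chrome.exe with --remote-debugging-port=9229, the DevTools route around Application-Bound Encryption named in the signatures; and 51ecf08926.exe force-kills five browsers, then reopens Firefox in --kiosk mode on a Google sign-in page (the Credential Flusher pattern). The script below is an added example, not part of the Joe Sandbox report: four rules in Python run over constructed process-creation events. Image paths and command lines are taken from the tree above; PIDs, the event field names and the rule thresholds (two or more browsers killed, the chrome.exe / explorer.exe parent allow-list) are assumptions.

```python
"""Hunting rules for the loader chain in the report above, run over constructed
process-creation events. Added example; field names mirror Sysmon Event ID 1 / 4688."""
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class ProcEvent:
    pid: int        # PIDs are invented; only the parent/child links matter
    ppid: int
    image: str      # full image path as logged
    cmdline: str

# Process names the dropped batch script greps for via tasklist | findstr.
AV_PROCESS_NAMES = {"opssvc", "wrsa", "avastui", "avgui", "bdservicehost",
                    "nswscsvc", "ekrn", "sophoshealth"}
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def tokens(cmdline):
    # Whitespace split suffices for flag matching; process names come from the image field.
    return [t.strip('"').lower() for t in cmdline.split()]

def rule_av_enumeration(events):
    """findstr.exe whose arguments name a security-product process."""
    return [e.pid for e in events
            if basename(e.image) == "findstr.exe" and set(tokens(e.cmdline)) & AV_PROCESS_NAMES]

def rule_copy_b_staging(events):
    """'copy /b a + b + ... out' and a sibling under the same parent then runs a .com file."""
    stagers = {e.ppid for e in events if {"copy", "/b", "+"} <= set(tokens(e.cmdline))}
    return [e.pid for e in events if e.ppid in stagers and basename(e.image).endswith(".com")]

def rule_chrome_remote_debugging(events):
    """chrome.exe started with a DevTools port by something other than Chrome or the shell."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if basename(e.image) != "chrome.exe" or "--remote-debugging-port=" not in e.cmdline.lower():
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or basename(parent.image) not in {"chrome.exe", "explorer.exe"}:
            hits.append(e.pid)
    return hits

def rule_credential_flusher(events):
    """One parent force-kills two or more browsers, then opens a browser in --kiosk mode."""
    children = defaultdict(list)
    for e in events:
        children[e.ppid].append(e)
    hits = []
    for ppid, kids in children.items():
        killed, kiosk = set(), False
        for k in kids:
            t = tokens(k.cmdline)
            if basename(k.image) == "taskkill.exe" and "/im" in t[:-1]:
                target = t[t.index("/im") + 1]
                if target in BROWSERS:
                    killed.add(target)
            elif basename(k.image) in BROWSERS and "--kiosk" in t:
                kiosk = True
        if len(killed) >= 2 and kiosk:
            hits.append(ppid)
    return hits

def run_rules(events):
    """Map rule name -> sorted PIDs it fired on."""
    return {
        "av_enumeration": sorted(rule_av_enumeration(events)),
        "copy_b_staging": sorted(rule_copy_b_staging(events)),
        "chrome_remote_debugging": sorted(rule_chrome_remote_debugging(events)),
        "credential_flusher": sorted(rule_credential_flusher(events)),
    }

# Constructed from the report's process tree; PIDs invented, paths and command lines as reported.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe", "skotes.exe"),
    ProcEvent(200, 100, r"C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe", "SurveillanceWalls.exe"),
    ProcEvent(201, 200, r"C:\Windows\SysWOW64\cmd.exe", r'"C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd'),
    ProcEvent(203, 201, r"C:\Windows\SysWOW64\findstr.exe", r'findstr /I "opssvc wrsa"'),
    ProcEvent(204, 201, r"C:\Windows\SysWOW64\findstr.exe", r'findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"'),
    ProcEvent(205, 201, r"C:\Windows\SysWOW64\findstr.exe", r'findstr /V "Anchor" Veterinary'),
    ProcEvent(206, 201, r"C:\Windows\SysWOW64\cmd.exe", r"cmd /c copy /b ..\Genre + ..\Mj + ..\Discs + ..\Receiving + ..\Mysterious + ..\Aka w"),
    ProcEvent(207, 201, r"C:\Users\user\AppData\Local\Temp\370821\Sale.com", "Sale.com w"),
    ProcEvent(300, 100, r"C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe", "9f6ea82062.exe"),
    ProcEvent(301, 300, r"C:\Program Files\Google\Chrome\Application\chrome.exe", r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""'),
    ProcEvent(302, 301, r"C:\Program Files\Google\Chrome\Application\chrome.exe", r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService'),
    ProcEvent(400, 100, r"C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe", "51ecf08926.exe"),
    ProcEvent(401, 400, r"C:\Windows\SysWOW64\taskkill.exe", "taskkill /F /IM firefox.exe /T"),
    ProcEvent(402, 400, r"C:\Windows\SysWOW64\taskkill.exe", "taskkill /F /IM chrome.exe /T"),
    ProcEvent(403, 400, r"C:\Windows\SysWOW64\taskkill.exe", "taskkill /F /IM msedge.exe /T"),
    ProcEvent(404, 400, r"C:\Program Files\Mozilla Firefox\firefox.exe", r'"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking'),
]
```

run_rules(SAMPLE_EVENTS) fires av_enumeration on the two findstr invocations that carry product names (the findstr /V "Anchor" step is not matched), copy_b_staging on Sale.com, chrome_remote_debugging on the chrome.exe child of 9f6ea82062.exe but not on Chrome's own utility child, and credential_flusher on 51ecf08926.exe. Chrome's own utility process launches and a user-started Chrome under explorer.exe stay quiet, which is why the parent check matters: --remote-debugging-port is legitimate under automation frameworks, so in production the allow-list should be extended with whatever test tooling the estate runs.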
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mstask.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dui70.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: duser.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: chartv.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winsta.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\choice.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Section loaded: cryptsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: rsaenh.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: gpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: dpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: wbemcomn.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: amsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: webio.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: schannel.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: mskeyprotect.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ncryptsslp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: msasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: cryptsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: rsaenh.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: gpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: dpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: wbemcomn.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: amsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: apphelp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: rstrtmgr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: ncrypt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: ntasn1.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: iertutil.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: winhttp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: winnsi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: urlmon.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: srvcli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: netutils.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: dpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: cryptbase.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: ntmarta.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: mozglue.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: wsock32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: vcruntime140.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: msvcp140.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeSection loaded: vcruntime140.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wsock32.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: version.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winmm.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mpr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wininet.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: iphlpapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: userenv.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: uxtheme.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: kernel.appcore.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: windows.storage.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wldp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: rasadhlp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: profapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: napinsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: pnrpnsp.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: wshbth.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: nlaapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: mswsock.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: dnsapi.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: winrnr.dll
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
                          Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: file.exeStatic file information: File size 3321344 > 1048576
                          Source: file.exeStatic PE information: Raw size of jxvuvlsp is bigger than: 0x100000 < 0x2bee00
                          Source: Binary string: mozglue.pdbP source: 9f6ea82062.exe, 00000020.00000002.4069578254.000000006C0DD000.00000002.00000001.01000000.0000001E.sdmp
                          Source: Binary string: nss3.pdb@ source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp
                          Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewTextV2.pdb source: skotes.exe, 00000006.00000003.4278061535.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4281279423.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewTextV2.pdbdj~j pj_CorExeMainmscoree.dll source: skotes.exe, 00000006.00000003.4278061535.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4281279423.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: nss3.pdb source: 9f6ea82062.exe, 00000020.00000002.4077186117.000000006C29F000.00000002.00000001.01000000.0000001D.sdmp
                          Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 5936bfa4af.exe, 0000002C.00000002.3621203518.0000000000192000.00000040.00000001.01000000.00000016.sdmp
                          Source: Binary string: C:\Admin\Workspace\1766103906\Project\Release\Project.pdb source: 17ce3a84e4.exe, 0000001B.00000003.4436703085.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000000.3007120509.00000000005EC000.00000002.00000001.01000000.0000000F.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4512003521.00000000005EC000.00000002.00000001.01000000.0000000F.sdmp
                          Source: Binary string: mozglue.pdb source: 9f6ea82062.exe, 00000020.00000002.4069578254.000000006C0DD000.00000002.00000001.01000000.0000001E.sdmp

                          Data Obfuscation

                          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.eb0000.0.unpack :EW;.rsrc:W;.idata :W;jxvuvlsp:EW;mchtvxnx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;jxvuvlsp:EW;mchtvxnx:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 2.2.skotes.exe.6c0000.0.unpack :EW;.rsrc:W;.idata :W;jxvuvlsp:EW;mchtvxnx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;jxvuvlsp:EW;mchtvxnx:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 3.2.skotes.exe.6c0000.0.unpack :EW;.rsrc:W;.idata :W;jxvuvlsp:EW;mchtvxnx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;jxvuvlsp:EW;mchtvxnx:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeUnpacked PE file: 32.2.9f6ea82062.exe.a50000.0.unpack :EW;.rsrc:W;.idata :W;snxelege:EW;ykhzuyiy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;snxelege:EW;ykhzuyiy:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeUnpacked PE file: 36.2.9f6ea82062.exe.a50000.0.unpack :EW;.rsrc:W;.idata :W;snxelege:EW;ykhzuyiy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;snxelege:EW;ykhzuyiy:EW;.taggant:EW;
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeUnpacked PE file: 44.2.5936bfa4af.exe.190000.0.unpack :EW;.rsrc:W;.idata :W;fsnanlnd:EW;vmzqagxo:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: 647da3efc5.exe.6.dr | Static PE information: real checksum: 0x0 should be: 0x7aa07
Source: random[1].exe2.6.dr | Static PE information: real checksum: 0x2c9641 should be: 0x2d370e
Source: SurveillanceWalls.exe.6.dr | Static PE information: real checksum: 0x13aed5 should be: 0x14afb9
Source: skotes.exe.0.dr | Static PE information: real checksum: 0x334264 should be: 0x3300db
Source: 412ec13ac5.exe.6.dr | Static PE information: real checksum: 0x0 should be: 0xc8597
Source: random[2].exe2.6.dr | Static PE information: real checksum: 0x1d4149 should be: 0x1d15dc
Source: random[1].exe0.6.dr | Static PE information: real checksum: 0x0 should be: 0xc8597
Source: 9f6ea82062.exe.6.dr | Static PE information: real checksum: 0x2c9641 should be: 0x2d370e
Source: 580c9354ec.exe.6.dr | Static PE information: real checksum: 0x1ca3fb should be: 0x1cf3ec
Source: hYW0tgm[1].exe.6.dr | Static PE information: real checksum: 0x0 should be: 0x5958b
Source: random[2].exe0.6.dr | Static PE information: real checksum: 0x2b2e8b should be: 0x2b4359
Source: 5936bfa4af.exe.6.dr | Static PE information: real checksum: 0x2b2e8b should be: 0x2b4359
Source: random[1].exe1.6.dr | Static PE information: real checksum: 0x1ca3fb should be: 0x1cf3ec
Source: SurveillanceWalls[1].exe.6.dr | Static PE information: real checksum: 0x13aed5 should be: 0x14afb9
Source: hYW0tgm.exe.6.dr | Static PE information: real checksum: 0x0 should be: 0x5958b
Source: random[3].exe0.6.dr | Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: random[2].exe1.6.dr | Static PE information: real checksum: 0x0 should be: 0x7aa07
Source: file.exe | Static PE information: real checksum: 0x334264 should be: 0x3300db
Source: 0c0e50df68.exe.6.dr | Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: a53907268b.exe.6.dr | Static PE information: real checksum: 0x1d4149 should be: 0x1d15dc
Source: file.exe | Static PE information: section name:
Source: file.exe | Static PE information: section name: .idata
Source: file.exe | Static PE information: section name: jxvuvlsp
Source: file.exe | Static PE information: section name: mchtvxnx
Source: file.exe | Static PE information: section name: .taggant
Source: skotes.exe.0.dr | Static PE information: section name:
Source: skotes.exe.0.dr | Static PE information: section name: .idata
Source: skotes.exe.0.dr | Static PE information: section name: jxvuvlsp
Source: skotes.exe.0.dr | Static PE information: section name: mchtvxnx
Source: skotes.exe.0.dr | Static PE information: section name: .taggant
Source: random[1].exe.6.dr | Static PE information: section name: .fptable
Source: 17ce3a84e4.exe.6.dr | Static PE information: section name: .fptable
Source: random[1].exe1.6.dr | Static PE information: section name:
Source: random[1].exe1.6.dr | Static PE information: section name: .idata
Source: random[1].exe1.6.dr | Static PE information: section name:
Source: random[1].exe1.6.dr | Static PE information: section name: gysvhwxe
Source: random[1].exe1.6.dr | Static PE information: section name: isftafyi
Source: random[1].exe1.6.dr | Static PE information: section name: .taggant
Source: 580c9354ec.exe.6.dr | Static PE information: section name:
Source: 580c9354ec.exe.6.dr | Static PE information: section name: .idata
Source: 580c9354ec.exe.6.dr | Static PE information: section name:
Source: 580c9354ec.exe.6.dr | Static PE information: section name: gysvhwxe
Source: 580c9354ec.exe.6.dr | Static PE information: section name: isftafyi
Source: 580c9354ec.exe.6.dr | Static PE information: section name: .taggant
Source: random[1].exe2.6.dr | Static PE information: section name:
Source: random[1].exe2.6.dr | Static PE information: section name: .idata
Source: random[1].exe2.6.dr | Static PE information: section name: snxelege
Source: random[1].exe2.6.dr | Static PE information: section name: ykhzuyiy
Source: random[1].exe2.6.dr | Static PE information: section name: .taggant
Source: 9f6ea82062.exe.6.dr | Static PE information: section name:
Source: 9f6ea82062.exe.6.dr | Static PE information: section name: .idata
Source: 9f6ea82062.exe.6.dr | Static PE information: section name: snxelege
Source: 9f6ea82062.exe.6.dr | Static PE information: section name: ykhzuyiy
Source: 9f6ea82062.exe.6.dr | Static PE information: section name: .taggant
Source: random[2].exe0.6.dr | Static PE information: section name:
Source: random[2].exe0.6.dr | Static PE information: section name: .idata
Source: random[2].exe0.6.dr | Static PE information: section name: fsnanlnd
Source: random[2].exe0.6.dr | Static PE information: section name: vmzqagxo
Source: random[2].exe0.6.dr | Static PE information: section name: .taggant
Source: 5936bfa4af.exe.6.dr | Static PE information: section name:
Source: 5936bfa4af.exe.6.dr | Static PE information: section name: .idata
Source: 5936bfa4af.exe.6.dr | Static PE information: section name: fsnanlnd
Source: 5936bfa4af.exe.6.dr | Static PE information: section name: vmzqagxo
Source: 5936bfa4af.exe.6.dr | Static PE information: section name: .taggant
Source: random[2].exe2.6.dr | Static PE information: section name:
Source: random[2].exe2.6.dr | Static PE information: section name: .idata
Source: random[2].exe2.6.dr | Static PE information: section name:
Source: random[2].exe2.6.dr | Static PE information: section name: wekcazbo
Source: random[2].exe2.6.dr | Static PE information: section name: ttllozcv
Source: random[2].exe2.6.dr | Static PE information: section name: .taggant
Source: a53907268b.exe.6.dr | Static PE information: section name:
Source: a53907268b.exe.6.dr | Static PE information: section name: .idata
Source: a53907268b.exe.6.dr | Static PE information: section name:
Source: a53907268b.exe.6.dr | Static PE information: section name: wekcazbo
Source: a53907268b.exe.6.dr | Static PE information: section name: ttllozcv
Source: a53907268b.exe.6.dr | Static PE information: section name: .taggant
Source: msvcp140[1].dll.32.dr | Static PE information: section name: .didat
Source: nss3.dll.32.dr | Static PE information: section name: .00cfg
Source: nss3[1].dll.32.dr | Static PE information: section name: .00cfg
Source: softokn3.dll.32.dr | Static PE information: section name: .00cfg
Source: softokn3[1].dll.32.dr | Static PE information: section name: .00cfg
Source: freebl3.dll.32.dr | Static PE information: section name: .00cfg
Source: freebl3[1].dll.32.dr | Static PE information: section name: .00cfg
Source: mozglue.dll.32.dr | Static PE information: section name: .00cfg
Source: mozglue[1].dll.32.dr | Static PE information: section name: .00cfg
Source: msvcp140.dll.32.dr | Static PE information: section name: .didat
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ECD91C push ecx; ret 0_2_00ECD92F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC1359 push es; ret 0_2_00EC135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 2_2_006DD91C push ecx; ret 2_2_006DD92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006DD91C push ecx; ret 3_2_006DD92F
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 7_2_00374303 push ecx; ret 7_2_00374316
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_00374303 push ecx; ret 9_2_00374316
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_0043C3F0 push eax; mov dword ptr [esp], 060504D3h 9_2_0043C3F5
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_00439550 push eax; mov dword ptr [esp], D1D2D3D4h 9_2_0043955E
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_0044251C pushad ; iretd 9_2_004425A3
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_004455EC push esp; ret 9_2_004455ED
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_004457A4 push ecx; ret 9_2_004457A5
Source: file.exe | Static PE information: section name: entropy: 7.068382572685461
Source: skotes.exe.0.dr | Static PE information: section name: entropy: 7.068382572685461
Source: random[1].exe1.6.dr | Static PE information: section name: entropy: 7.986802269379311
Source: random[1].exe1.6.dr | Static PE information: section name: gysvhwxe entropy: 7.954266433248045
Source: 580c9354ec.exe.6.dr | Static PE information: section name: entropy: 7.986802269379311
Source: 580c9354ec.exe.6.dr | Static PE information: section name: gysvhwxe entropy: 7.954266433248045
Source: random[2].exe2.6.dr | Static PE information: section name: entropy: 7.980952558000639
Source: random[2].exe2.6.dr | Static PE information: section name: wekcazbo entropy: 7.952954751128578
Source: a53907268b.exe.6.dr | Static PE information: section name: entropy: 7.980952558000639
Source: a53907268b.exe.6.dr | Static PE information: section name: wekcazbo entropy: 7.952954751128578

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\370821\Sale.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019603001\d0c6b9d6b8.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[3].exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\ProgramData\mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\ProgramData\msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[2].exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[3].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019602001\647da3efc5.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019601001\a53907268b.exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\ProgramData\vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019604001\0c0e50df68.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\ProgramData\softokn3.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\ProgramData\nss3.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe
Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\hYW0tgm[1].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\ProgramData\freebl3.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\EUCyhuW[1].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\SurveillanceWalls[1].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 580c9354ec.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9f6ea82062.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 51ecf08926.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1ba4718074.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5936bfa4af.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 408fbd4e57.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dfe1c8ec1f.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9e7a844ab2.exe
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\Tasks\skotes.job
                          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe  Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_0-11395
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe  Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_2-9705
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe  System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com  System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe  System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe  System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\file.exe  File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe  File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe  File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe  File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe  File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe  File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe  File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe  File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe  File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe  File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe  File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe  File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe  File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe  File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe  File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe  File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 108779D second address: 10877A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F2D3 second address: 109F2D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F2D7 second address: 109F2F0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8F4CECCCE6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jg 00007F8F4CECCCE6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F2F0 second address: 109F30A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007F8F4C50240Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F5EE second address: 109F5F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F5F8 second address: 109F607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007F8F4C502406h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F76A second address: 109F770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F770 second address: 109F774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F774 second address: 109F778 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F778 second address: 109F784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109F784 second address: 109F788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109FA5F second address: 109FA97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8F4C502417h 0x0000000b popad 0x0000000c push esi 0x0000000d jnl 00007F8F4C502406h 0x00000013 pop esi 0x00000014 popad 0x00000015 pushad 0x00000016 push edi 0x00000017 jnl 00007F8F4C502406h 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 jo 00007F8F4C502406h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109FA97 second address: 109FA9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109FBDE second address: 109FBE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109FBE4 second address: 109FBE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 109FBE8 second address: 109FBF4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnc 00007F8F4C502406h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A17F2 second address: 10A17F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A17F8 second address: 10A17FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A17FC second address: 10A18C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnp 00007F8F4CECCCF9h 0x0000000f jmp 00007F8F4CECCCF3h 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push esi 0x00000019 jmp 00007F8F4CECCCF9h 0x0000001e pop esi 0x0000001f mov eax, dword ptr [eax] 0x00000021 push ecx 0x00000022 push eax 0x00000023 push esi 0x00000024 pop esi 0x00000025 pop eax 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b push ebx 0x0000002c pushad 0x0000002d jmp 00007F8F4CECCCF8h 0x00000032 js 00007F8F4CECCCE6h 0x00000038 popad 0x00000039 pop ebx 0x0000003a pop eax 0x0000003b mov dx, 72DBh 0x0000003f and ecx, dword ptr [ebp+122D2CEDh] 0x00000045 lea ebx, dword ptr [ebp+12456477h] 0x0000004b jmp 00007F8F4CECCCEDh 0x00000050 xchg eax, ebx 0x00000051 jbe 00007F8F4CECCCECh 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b jmp 00007F8F4CECCCF5h 0x00000060 jmp 00007F8F4CECCCF1h 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A18C1 second address: 10A18CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8F4C502406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A18F8 second address: 10A18FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A18FC second address: 10A191A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F8F4C50240Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F8F4C502408h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A191A second address: 10A1951 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+122D2F75h], edx 0x00000010 push 00000000h 0x00000012 cmc 0x00000013 call 00007F8F4CECCCE9h 0x00000018 jp 00007F8F4CECCCEEh 0x0000001e push eax 0x0000001f pushad 0x00000020 pushad 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A1951 second address: 10A1982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8F4C50240Eh 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F8F4C502413h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A1982 second address: 10A19A6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F4CECCCE8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f jmp 00007F8F4CECCCF2h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A19A6 second address: 10A19B0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8F4C50240Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A19B0 second address: 10A19C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A19C0 second address: 10A19C6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A19C6 second address: 10A1A42 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov dword ptr [ebp+122D3611h], edi 0x0000000f push 00000003h 0x00000011 jmp 00007F8F4CECCCEDh 0x00000016 push 00000000h 0x00000018 call 00007F8F4CECCCF8h 0x0000001d jne 00007F8F4CECCCECh 0x00000023 xor ecx, 5EAD6C00h 0x00000029 pop edi 0x0000002a jmp 00007F8F4CECCCEEh 0x0000002f push 00000003h 0x00000031 jmp 00007F8F4CECCCF9h 0x00000036 push 73BBFCF5h 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e jl 00007F8F4CECCCE6h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10A1A42 second address: 10A1A7D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 add dword ptr [esp], 4C44030Bh 0x0000000e mov dword ptr [ebp+122D1E61h], eax 0x00000014 lea ebx, dword ptr [ebp+12456482h] 0x0000001a jp 00007F8F4C50240Ch 0x00000020 push eax 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F8F4C502411h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10B3EB4 second address: 10B3EDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 jmp 00007F8F4CECCCF4h 0x0000000b pop ebx 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F8F4CECCCE6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C3E4D second address: 10C3E51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C3E51 second address: 10C3E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8F4CECCCE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F8F4CECCCE6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C3E67 second address: 10C3E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C3E6B second address: 10C3E6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 1084154 second address: 108416B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 pushad 0x00000009 je 00007F8F4C502406h 0x0000000f jl 00007F8F4C502406h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C1D14 second address: 10C1D1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C1D1C second address: 10C1D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C1E6F second address: 10C1EB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF9h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F8F4CECCCF9h 0x00000011 pushad 0x00000012 popad 0x00000013 jnc 00007F8F4CECCCE6h 0x00000019 popad 0x0000001a pop ebx 0x0000001b pushad 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C1EB6 second address: 10C1EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8F4C502406h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C1EC4 second address: 10C1ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C22DD second address: 10C22EB instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8F4C502406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C22EB second address: 10C22EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C22EF second address: 10C2305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 jmp 00007F8F4C50240Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C2305 second address: 10C230A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C230A second address: 10C231C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c jne 00007F8F4C502406h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C2746 second address: 10C274D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C274D second address: 10C2761 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4C502410h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe  RDTSC instruction interceptor: First address: 10C2761 second address: 10C277D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8F4CECCCE6h 0x00000008 jmp 00007F8F4CECCCEFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C28C3 second address: 10C28CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C28CB second address: 10C28D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8F4CECCCE6h 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C2A34 second address: 10C2A3A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C2A3A second address: 10C2A75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jnl 00007F8F4CECCCE6h 0x00000011 jmp 00007F8F4CECCCF6h 0x00000016 popad 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B62D0 second address: 10B62D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B62D4 second address: 10B62E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F8F4CECCCE6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B62E3 second address: 10B62FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8F4C502406h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e jg 00007F8F4C502406h 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B62FA second address: 10B62FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1097F5E second address: 1097F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F4C50240Bh 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1097F70 second address: 1097F76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C39C1 second address: 10C39C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C39C8 second address: 10C39D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F8F4CECCCE6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C3C63 second address: 10C3C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C3C69 second address: 10C3C74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C3C74 second address: 10C3C96 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F4C50240Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F8F4C50240Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C3C96 second address: 10C3C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C3C9E second address: 10C3CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C9354 second address: 10C93A5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007F8F4CECCCF9h 0x00000010 pop edi 0x00000011 jmp 00007F8F4CECCCEDh 0x00000016 jmp 00007F8F4CECCCF0h 0x0000001b popad 0x0000001c je 00007F8F4CECCCFEh 0x00000022 push eax 0x00000023 push edx 0x00000024 jl 00007F8F4CECCCE6h 0x0000002a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C93A5 second address: 10C93A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CD1EB second address: 10CD1F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CD1F1 second address: 10CD1F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CD1F7 second address: 10CD217 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jc 00007F8F4CECCCECh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CD217 second address: 10CD269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jp 00007F8F4C502406h 0x0000000b pop ebx 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F8F4C50240Dh 0x00000016 mov eax, dword ptr [eax] 0x00000018 jnp 00007F8F4C502412h 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jns 00007F8F4C50241Ah 0x0000002a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CD39C second address: 10CD3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CD3A7 second address: 10CD3BA instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8F4C502406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jns 00007F8F4C502406h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D1165 second address: 10D116D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D116D second address: 10D1188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8F4C502413h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D1188 second address: 10D11A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4CECCCF2h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D11A6 second address: 10D11B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8F4C502406h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D11B0 second address: 10D11B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D11B4 second address: 10D11C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F8F4C50240Ch 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D11C6 second address: 10D11FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F4CECCCF4h 0x00000008 jno 00007F8F4CECCCE6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F8F4CECCCF4h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108C53A second address: 108C53E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4098 second address: 10D409E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4C9A second address: 10D4C9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4C9F second address: 10D4CA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8F4CECCCE6h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4DBE second address: 10D4DC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F8F4C502406h 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4DC8 second address: 10D4DCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4DCC second address: 10D4DDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4DDA second address: 10D4DDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4F90 second address: 10D4F95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D4F95 second address: 10D4F9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D505C second address: 10D5066 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8F4C502406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D529D second address: 10D52D1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8F4CECCCE8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007F8F4CECCCF3h 0x00000012 xchg eax, ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F8F4CECCCEDh 0x0000001c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D52D1 second address: 10D52D7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D52D7 second address: 10D52EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F4CECCCF0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D52EC second address: 10D52F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D52F9 second address: 10D52FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D582A second address: 10D5830 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D5830 second address: 10D583E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4CECCCEAh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D583E second address: 10D5842 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D7317 second address: 10D731D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D7967 second address: 10D796D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D8B9A second address: 10D8BA8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D8326 second address: 10D832A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DA21D second address: 10DA223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D9F99 second address: 10D9F9F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DB549 second address: 10DB54D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DBFCF second address: 10DBFD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DBFD3 second address: 10DC009 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8F4CECCCF0h 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DED85 second address: 10DED8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DED8B second address: 10DEE0F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F8F4CECCCF0h 0x00000012 nop 0x00000013 xor bl, FFFFFFBAh 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007F8F4CECCCE8h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007F8F4CECCCE8h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 00000018h 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e mov dword ptr [ebp+12450DF3h], ecx 0x00000054 jng 00007F8F4CECCCEDh 0x0000005a pushad 0x0000005b movzx ebx, di 0x0000005e pushad 0x0000005f popad 0x00000060 popad 0x00000061 push eax 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 js 00007F8F4CECCCE6h 0x0000006b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DFCE2 second address: 10DFCE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DFCE6 second address: 10DFD79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a movzx ebx, bx 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F8F4CECCCE8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 mov dword ptr [ebp+124678DFh], ebx 0x0000002f mov dword ptr [ebp+12450DF3h], eax 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007F8F4CECCCE8h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 00000018h 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 mov bx, dx 0x00000054 sub dword ptr [ebp+12451F65h], esi 0x0000005a xchg eax, esi 0x0000005b pushad 0x0000005c push eax 0x0000005d jmp 00007F8F4CECCCF4h 0x00000062 pop eax 0x00000063 jns 00007F8F4CECCCECh 0x00000069 js 00007F8F4CECCCE6h 0x0000006f popad 0x00000070 push eax 0x00000071 push ecx 0x00000072 jnl 00007F8F4CECCCECh 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DFEE4 second address: 10DFEE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E2F1F second address: 10E2F41 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F4CECCCFDh 0x00000008 jnc 00007F8F4CECCCE6h 0x0000000e jmp 00007F8F4CECCCF1h 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10964ED second address: 1096509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4C50240Ah 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007F8F4C502406h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1096509 second address: 1096517 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jne 00007F8F4CECCCE6h 0x0000000d pop ebx 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1096517 second address: 109651C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E0F63 second address: 10E0F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F8F4CECCCEDh 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F8F4CECCCECh 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E4E57 second address: 10E4E7B instructions: 0x00000000 rdtsc 0x00000002 js 00007F8F4C502406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jl 00007F8F4C502408h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8F4C50240Eh 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E6A30 second address: 10E6A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E6A34 second address: 10E6A38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E6A38 second address: 10E6A3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E6A3E second address: 10E6A61 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8F4C502414h 0x00000008 jmp 00007F8F4C50240Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jp 00007F8F4C502406h 0x0000001a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E6A61 second address: 10E6A67 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E6A67 second address: 10E6A6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E8B63 second address: 10E8B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E8B69 second address: 10E8B7E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8F4C50240Dh 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E8B7E second address: 10E8B84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E8B84 second address: 10E8B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E8B88 second address: 10E8B8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E9F72 second address: 10E9FC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 add ebx, 2CD62DE1h 0x0000000f mov bl, dl 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F8F4C502408h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d mov dword ptr [ebp+1245CB43h], ecx 0x00000033 push ebx 0x00000034 pop ebx 0x00000035 push 00000000h 0x00000037 cld 0x00000038 push eax 0x00000039 push ecx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F8F4C502411h 0x00000041 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EEF88 second address: 10EEF8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EEF8E second address: 10EF013 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007F8F4C502408h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 add bx, F260h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F8F4C502408h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 00000014h 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 mov di, ax 0x00000047 call 00007F8F4C502414h 0x0000004c mov dword ptr [ebp+122D2986h], ebx 0x00000052 pop edi 0x00000053 push 00000000h 0x00000055 pushad 0x00000056 mov dword ptr [ebp+122D3867h], ebx 0x0000005c mov ah, 9Ah 0x0000005e popad 0x0000005f add dword ptr [ebp+122D2F49h], edx 0x00000065 xchg eax, esi 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 jnp 00007F8F4C502406h 0x0000006f pop eax 0x00000070 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF013 second address: 10EF018 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EFEC6 second address: 10EFECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EFECD second address: 10EFF41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov edi, ebx 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F8F4CECCCE8h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 push edi 0x00000029 mov ebx, eax 0x0000002b pop ebx 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007F8F4CECCCE8h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 0000001Ah 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 xchg eax, esi 0x00000049 pushad 0x0000004a push eax 0x0000004b push ebx 0x0000004c pop ebx 0x0000004d pop eax 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F8F4CECCCEAh 0x00000055 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ED193 second address: 10ED198 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ED198 second address: 10ED20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8F4CECCCE6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F8F4CECCCE8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov bx, 1CA4h 0x0000002c push dword ptr fs:[00000000h] 0x00000033 mov di, dx 0x00000036 stc 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e call 00007F8F4CECCCEAh 0x00000043 mov dword ptr [ebp+124695F0h], eax 0x00000049 pop ebx 0x0000004a mov eax, dword ptr [ebp+122D14EDh] 0x00000050 xor bx, 16E7h 0x00000055 push FFFFFFFFh 0x00000057 sub dword ptr [ebp+122D363Dh], ebx 0x0000005d mov bx, di 0x00000060 nop 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 push ebx 0x00000065 pop ebx 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EE107 second address: 10EE10B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF220 second address: 10EF23B instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8F4CECCCEEh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ED20B second address: 10ED210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F357F second address: 10F358B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F358B second address: 10F35C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 nop 0x00000007 movzx ebx, cx 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F8F4C502408h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov bx, di 0x0000002b xchg eax, esi 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F35C1 second address: 10F35C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F35C7 second address: 10F35CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F015F second address: 10F018C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F4CECCCEDh 0x00000008 js 00007F8F4CECCCE6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8F4CECCCF1h 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F111C second address: 10F1126 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8F4C502406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F1126 second address: 10F113F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jp 00007F8F4CECCCE6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f js 00007F8F4CECCCF8h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F113F second address: 10F1143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F1143 second address: 10F11EC instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F8F4CECCCE8h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 jg 00007F8F4CECCCECh 0x0000002b mov dword ptr [ebp+122D373Ah], ebx 0x00000031 push dword ptr fs:[00000000h] 0x00000038 mov edi, 3FC63BB6h 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 mov dword ptr [ebp+122D3759h], eax 0x0000004a mov bh, 80h 0x0000004c mov eax, dword ptr [ebp+122D0599h] 0x00000052 push 00000000h 0x00000054 push eax 0x00000055 call 00007F8F4CECCCE8h 0x0000005a pop eax 0x0000005b mov dword ptr [esp+04h], eax 0x0000005f add dword ptr [esp+04h], 0000001Bh 0x00000067 inc eax 0x00000068 push eax 0x00000069 ret 0x0000006a pop eax 0x0000006b ret 0x0000006c mov di, 2D93h 0x00000070 push FFFFFFFFh 0x00000072 mov dword ptr [ebp+12458D41h], eax 0x00000078 push eax 0x00000079 push eax 0x0000007a push edx 0x0000007b pushad 0x0000007c jmp 00007F8F4CECCCF6h 0x00000081 push esi 0x00000082 pop esi 0x00000083 popad 0x00000084 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F5806 second address: 10F5818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a ja 00007F8F4C502406h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F387C second address: 10F3882 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FDEFE second address: 10FDF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FDF04 second address: 10FDF08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FDF08 second address: 10FDF0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108DF71 second address: 108DFA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCECh 0x00000007 jl 00007F8F4CECCCF8h 0x0000000d jmp 00007F8F4CECCCF2h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 push eax 0x00000018 pop eax 0x00000019 push edx 0x0000001a pop edx 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e jo 00007F8F4CECCCE6h 0x00000024 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108DFA9 second address: 108DFC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8F4C502411h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108DFC0 second address: 108DFD3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F4CECCCEEh 0x00000008 pushad 0x00000009 popad 0x0000000a jns 00007F8F4CECCCE6h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FD772 second address: 10FD778 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FD778 second address: 10FD77E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FD77E second address: 10FD79A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4C502418h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FD8C8 second address: 10FD8E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F8F4CECCD1Fh 0x0000000b jmp 00007F8F4CECCCEAh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D94FF second address: 10D950C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1102F3F second address: 1102F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1105BAE second address: 1105BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 push eax 0x00000007 jne 00007F8F4C50240Eh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jno 00007F8F4C50241Ch 0x00000017 mov eax, dword ptr [eax] 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1105BEA second address: 1105C0E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 jmp 00007F8F4CECCCF1h 0x00000017 pop ecx 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1109DB7 second address: 1109DDD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8F4C502406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8F4C502416h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1091554 second address: 109155A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109155A second address: 1091568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F8F4C502406h 0x0000000e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1091568 second address: 1091572 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F4CECCCE6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110FC21 second address: 110FC25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110FC25 second address: 110FC2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110FC2B second address: 110FC31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110FD9A second address: 110FDA9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110FDA9 second address: 110FDD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8F4C50240Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8F4C502411h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110FDD3 second address: 110FDD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11101C6 second address: 11101CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 111031D second address: 1110321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1110321 second address: 1110347 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502415h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e jnl 00007F8F4C502406h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 111072E second address: 1110732 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1110732 second address: 111073E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110F883 second address: 110F8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4CECCCF2h 0x00000009 jnc 00007F8F4CECCCE6h 0x0000000f popad 0x00000010 jmp 00007F8F4CECCCEBh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F8F4CECCCF1h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110F8C0 second address: 110F8C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 111604B second address: 1116051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2765 second address: 10D27EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502412h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jno 00007F8F4C502414h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F8F4C502408h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c or ecx, dword ptr [ebp+122D2CA9h] 0x00000032 lea eax, dword ptr [ebp+124874C6h] 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F8F4C502408h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 0000001Ch 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 push eax 0x00000053 pushad 0x00000054 push esi 0x00000055 pushad 0x00000056 popad 0x00000057 pop esi 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D27EB second address: 10D27EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D27EF second address: 10D27F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D27F3 second address: 10B62FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F8F4CECCCE8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D3B25h], esi 0x0000002a call dword ptr [ebp+1245CDECh] 0x00000030 jp 00007F8F4CECCD08h 0x00000036 push eax 0x00000037 push edx 0x00000038 push esi 0x00000039 jg 00007F8F4CECCCE6h 0x0000003f pushad 0x00000040 popad 0x00000041 pop esi 0x00000042 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2DDC second address: 10D2DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2DE0 second address: 10D2E4B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xor dword ptr [esp], 756A5282h 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F8F4CECCCE8h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c and ecx, dword ptr [ebp+122D2EEDh] 0x00000032 sub edi, dword ptr [ebp+122D2D3Dh] 0x00000038 mov cx, dx 0x0000003b call 00007F8F4CECCCE9h 0x00000040 jmp 00007F8F4CECCCF6h 0x00000045 push eax 0x00000046 pushad 0x00000047 jl 00007F8F4CECCCECh 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2E4B second address: 10D2E53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2E53 second address: 10D2E68 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2E68 second address: 10D2E6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2E6E second address: 10D2E73 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D2F63 second address: 10D2F6D instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8F4C502406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D3008 second address: 10D3041 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xchg eax, esi 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F8F4CECCCE8h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 mov dword ptr [ebp+124695F0h], edx 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 pushad 0x00000031 popad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D3041 second address: 10D3046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D3046 second address: 10D304B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D31CC second address: 10D31DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D31DF second address: 10D31F0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D3895 second address: 10D3899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D3AD0 second address: 10D3AE9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8F4CECCCECh 0x00000008 jnl 00007F8F4CECCCE6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D3B84 second address: 10D3C33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8F4C50240Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ecx 0x0000000f jmp 00007F8F4C50240Ch 0x00000014 pop ecx 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F8F4C502408h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 sub dword ptr [ebp+122D1C89h], edx 0x00000036 mov cx, F2ACh 0x0000003a lea eax, dword ptr [ebp+1248750Ah] 0x00000040 cld 0x00000041 call 00007F8F4C502411h 0x00000046 pop edx 0x00000047 nop 0x00000048 ja 00007F8F4C502413h 0x0000004e push eax 0x0000004f jno 00007F8F4C50240Ah 0x00000055 nop 0x00000056 jmp 00007F8F4C502410h 0x0000005b lea eax, dword ptr [ebp+124874C6h] 0x00000061 movsx ecx, bx 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 push eax 0x00000068 jo 00007F8F4C502406h 0x0000006e pop eax 0x0000006f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10D3C33 second address: 10B6F61 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8F4CECCCE8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov ecx, 46D66369h 0x00000014 call dword ptr [ebp+122D3619h] 0x0000001a jl 00007F8F4CECCCF8h 0x00000020 push esi 0x00000021 jbe 00007F8F4CECCCE6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11151EA second address: 11151EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11151EE second address: 11151F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11151F2 second address: 1115208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4C502410h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1115359 second address: 1115364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8F4CECCCE6h 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1115364 second address: 111536A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11154D2 second address: 11154D9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11154D9 second address: 11154FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop eax 0x0000000d jbe 00007F8F4C502418h 0x00000013 jmp 00007F8F4C502412h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1121DA3 second address: 1121DD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F4CECCCF1h 0x00000008 jmp 00007F8F4CECCCF6h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F8F4CECCCE6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1121DD8 second address: 1121DDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1121DDC second address: 1121DE2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1121F01 second address: 1121F47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jno 00007F8F4C502406h 0x0000000d jmp 00007F8F4C502419h 0x00000012 pop eax 0x00000013 pop edx 0x00000014 push ecx 0x00000015 jmp 00007F8F4C502415h 0x0000001a ja 00007F8F4C502420h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1122353 second address: 112237D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 jmp 00007F8F4CECCCF3h 0x0000000c jp 00007F8F4CECCCE6h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 112237D second address: 1122381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1122605 second address: 112260B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 112260B second address: 1122611 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11228FE second address: 112290F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4CECCCEAh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1122C06 second address: 1122C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 jmp 00007F8F4C502416h 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1122C28 second address: 1122C37 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8F4CECCCE8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1126ECA second address: 1126ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1126ECE second address: 1126ED2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1126ED2 second address: 1126EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F8F4C502406h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11267EE second address: 11267F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11267F4 second address: 11267FE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11267FE second address: 1126802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1126BDC second address: 1126C04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502410h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8F4C50240Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1126C04 second address: 1126C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1129155 second address: 112915B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 112915B second address: 112915F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 112915F second address: 1129163 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 112D3A2 second address: 112D3AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094B02 second address: 1094B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094B06 second address: 1094B0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11321E2 second address: 11321E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11324F6 second address: 11324FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11324FA second address: 1132512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 push edi 0x00000009 jmp 00007F8F4C50240Bh 0x0000000e pop edi 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D354B second address: 10D3551 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D35EF second address: 10D360A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8F4C502408h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F8F4C50240Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D360A second address: 10D360F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D35EB second address: 10D35EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1136D23 second address: 1136D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1136D29 second address: 1136D2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1136D2E second address: 1136D64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF7h 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8F4CECCCECh 0x00000017 jnl 00007F8F4CECCCE6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1136D64 second address: 1136D6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1136EE6 second address: 1136EF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jnp 00007F8F4CECCCE6h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113705B second address: 1137076 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F8F4C502406h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1137076 second address: 1137080 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1137080 second address: 1137084 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1137084 second address: 113708A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113732A second address: 1137333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1137333 second address: 1137337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113E435 second address: 113E43B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113E9CA second address: 113E9EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4CECCCF8h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113E9EA second address: 113E9EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113E9EF second address: 113EA11 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F4CECCD04h 0x00000008 jmp 00007F8F4CECCCF8h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113ECD9 second address: 113ECE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113F204 second address: 113F211 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F8F4CECCCE6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113FD74 second address: 113FD90 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F8F4C502406h 0x0000000d pushad 0x0000000e popad 0x0000000f jng 00007F8F4C502406h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 113FD90 second address: 113FD94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1144839 second address: 1144843 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8F4C502406h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1144843 second address: 1144861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8F4CECCCF5h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1144861 second address: 1144868 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1144868 second address: 114487D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 jmp 00007F8F4CECCCEDh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1144996 second address: 11449B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F8F4C502414h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1144B1A second address: 1144B20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1144B20 second address: 1144B2C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1144CAD second address: 1144CBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnp 00007F8F4CECCCEAh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1152389 second address: 11523A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8F4C502411h 0x0000000e push eax 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11523A7 second address: 11523C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF7h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11523C4 second address: 11523C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1150BFF second address: 1150C2F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8F4CECCCEEh 0x00000008 jnl 00007F8F4CECCCFAh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1150C2F second address: 1150C35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1150C35 second address: 1150C3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1150F18 second address: 1150F30 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8F4C502412h 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1150F30 second address: 1150F34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11510A5 second address: 11510A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11510A9 second address: 11510AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11510AF second address: 11510B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11510B5 second address: 11510D9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8F4CECCCF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1151257 second address: 1151268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4C50240Ch 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1151A2D second address: 1151A31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11521BE second address: 11521C8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11521C8 second address: 11521CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11521CC second address: 11521ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jnp 00007F8F4C502406h 0x0000000f pop edx 0x00000010 popad 0x00000011 pushad 0x00000012 jp 00007F8F4C50240Ch 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 114FF65 second address: 114FF69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11596FA second address: 1159706 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnl 00007F8F4C502406h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1164BF5 second address: 1164BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1164BF9 second address: 1164C0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1164C0D second address: 1164C13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1164C13 second address: 1164C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1164C17 second address: 1164C24 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F4CECCCE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1164C24 second address: 1164C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jne 00007F8F4C502406h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1164C39 second address: 1164C51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8F4CECCCF0h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1169235 second address: 1169239 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1169239 second address: 1169241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1168E55 second address: 1168E61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F8F4C502406h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 118545A second address: 1185466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8F4CECCCE6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1185466 second address: 118546B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 118572C second address: 1185745 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F4CECCCE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F8F4CECCCEDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1185745 second address: 1185762 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F8F4C502418h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 118589D second address: 11858A3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11858A3 second address: 11858A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119E60A second address: 119E632 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F8F4CECCD0Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8F4CECCCEAh 0x00000015 jmp 00007F8F4CECCCEEh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1093008 second address: 1093012 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8F4C502406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1093012 second address: 1093017 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A00DE second address: 11A010A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4C502417h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8F4C50240Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AC977 second address: 11AC97B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AC97B second address: 11AC986 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AEB1A second address: 11AEB25 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jl 00007F8F4CECCCE6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8E1A second address: 11C8E1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8E1F second address: 11C8E29 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8F4CECCCECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C7DD1 second address: 11C7DEA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop edi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8F4C50240Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C806F second address: 11C8075 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C84A8 second address: 11C84C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8F4C502413h 0x0000000b jbe 00007F8F4C502406h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C84C8 second address: 11C84D2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8F4CECCCECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8628 second address: 11C8630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8630 second address: 11C8639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8639 second address: 11C863F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C863F second address: 11C8643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8924 second address: 11C894D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F8F4C502406h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F8F4C502418h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C894D second address: 11C895B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108FA3D second address: 108FA41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108FA41 second address: 108FA85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F8F4CECCCF2h 0x0000000c pop ecx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a jmp 00007F8F4CECCCF6h 0x0000001f push eax 0x00000020 push edx 0x00000021 jl 00007F8F4CECCCE6h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CCF56 second address: 11CCF70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502412h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CCF70 second address: 11CCF74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CD514 second address: 11CD521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CD521 second address: 11CD57A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jno 00007F8F4CECCCE6h 0x0000000c pop edx 0x0000000d popad 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F8F4CECCCE8h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 sub dword ptr [ebp+122D1C89h], ebx 0x0000002f push dword ptr [ebp+122D27A0h] 0x00000035 mov dword ptr [ebp+12450DC4h], esi 0x0000003b call 00007F8F4CECCCE9h 0x00000040 jp 00007F8F4CECCCF8h 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F8F4CECCCEAh 0x0000004d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CD57A second address: 11CD5A7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 je 00007F8F4C50241Eh 0x0000000d ja 00007F8F4C502418h 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push ebx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CF07E second address: 11CF084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CF084 second address: 11CF08A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CEC60 second address: 11CEC64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 527025E second address: 52702D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8F4C502410h 0x00000009 and cx, B3E8h 0x0000000e jmp 00007F8F4C50240Bh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F8F4C502418h 0x0000001a adc ah, 00000048h 0x0000001d jmp 00007F8F4C50240Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 mov ebp, esp 0x00000028 pushad 0x00000029 mov dx, ax 0x0000002c mov ebx, esi 0x0000002e popad 0x0000002f pop ebp 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F8F4C502419h 0x00000037 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250E8E second address: 5250E94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250E94 second address: 5250E98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250E98 second address: 5250EB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250EB0 second address: 5250EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250EB4 second address: 5250EDB instructions: 0x00000000 rdtsc 0x00000002 mov ax, D959h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dx, ax 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8F4CECCCF7h 0x00000015 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250EDB second address: 5250F02 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 53CD2FDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a mov ecx, edi 0x0000000c popad 0x0000000d popad 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov ebx, 2DF0505Ch 0x00000015 mov ax, di 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F8F4C50240Ah 0x00000022 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250F02 second address: 5250F2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f call 00007F8F4CECCCF1h 0x00000014 pop ecx 0x00000015 popad 0x00000016 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52A0027 second address: 52A002B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52A002B second address: 52A0031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52A0031 second address: 52A009F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8F4C50240Ch 0x00000008 pop esi 0x00000009 mov bh, C1h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F8F4C50240Dh 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 jmp 00007F8F4C50240Ch 0x0000001b push ecx 0x0000001c pushad 0x0000001d popad 0x0000001e pop edx 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F8F4C50240Fh 0x0000002b add si, BF1Eh 0x00000030 jmp 00007F8F4C502419h 0x00000035 popfd 0x00000036 movzx ecx, dx 0x00000039 popad 0x0000003a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52A009F second address: 52A00A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52A00A5 second address: 52A00A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52A00A9 second address: 52A00AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52A00AD second address: 52A00C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8F4C50240Ah 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52A00C4 second address: 52A00D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52300E0 second address: 52300E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52300E5 second address: 523013A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8F4CECCCF6h 0x0000000f push eax 0x00000010 jmp 00007F8F4CECCCEBh 0x00000015 xchg eax, ebp 0x00000016 jmp 00007F8F4CECCCF6h 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 523013A second address: 5230140 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230140 second address: 5230144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230144 second address: 5230148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230148 second address: 52301BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+04h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F8F4CECCCF3h 0x00000012 jmp 00007F8F4CECCCF3h 0x00000017 popfd 0x00000018 pushfd 0x00000019 jmp 00007F8F4CECCCF8h 0x0000001e adc cx, 39C8h 0x00000023 jmp 00007F8F4CECCCEBh 0x00000028 popfd 0x00000029 popad 0x0000002a push dword ptr [ebp+0Ch] 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F8F4CECCCF0h 0x00000036 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52301BE second address: 52301C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52301C4 second address: 52301DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52301DF second address: 52301E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52301E5 second address: 52301EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52301EB second address: 52301EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52507CD second address: 52507D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52507D3 second address: 52507F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cx, di 0x00000012 mov edx, 478D0DF2h 0x00000017 popad 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52507F1 second address: 52507F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52507F7 second address: 52507FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52507FB second address: 5250836 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F8F4CECCCEDh 0x00000015 jmp 00007F8F4CECCCF0h 0x0000001a popad 0x0000001b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250836 second address: 5250848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4C50240Eh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250848 second address: 525084C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 525084C second address: 525085E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movzx ecx, di 0x0000000f mov dl, 4Dh 0x00000011 popad 0x00000012 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250690 second address: 5250695 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250695 second address: 52506A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4C50240Fh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52506A8 second address: 52506CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52506CD second address: 52506EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F8F4C502419h 0x00000009 pop ecx 0x0000000a popad 0x0000000b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52506EC second address: 5250741 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F8F4CECCCF1h 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 jmp 00007F8F4CECCCF6h 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e call 00007F8F4CECCCEDh 0x00000023 pop esi 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250399 second address: 52503F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8F4C50240Bh 0x00000009 or al, FFFFFFBEh 0x0000000c jmp 00007F8F4C502419h 0x00000011 popfd 0x00000012 push eax 0x00000013 pop edx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007F8F4C502416h 0x00000021 or ax, 18E8h 0x00000026 jmp 00007F8F4C50240Bh 0x0000002b popfd 0x0000002c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52503F6 second address: 5250490 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 call 00007F8F4CECCCF5h 0x0000000c call 00007F8F4CECCCF0h 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 pushad 0x00000017 movsx ebx, si 0x0000001a pushfd 0x0000001b jmp 00007F8F4CECCCF6h 0x00000020 jmp 00007F8F4CECCCF5h 0x00000025 popfd 0x00000026 popad 0x00000027 movzx eax, di 0x0000002a popad 0x0000002b xchg eax, ebp 0x0000002c jmp 00007F8F4CECCCF3h 0x00000031 mov ebp, esp 0x00000033 jmp 00007F8F4CECCCF6h 0x00000038 pop ebp 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250490 second address: 52504AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502419h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52504AD second address: 52504B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52504B3 second address: 52504B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 526022A second address: 5260239 instructions: 0x00000000 rdtsc 0x00000002 movsx edi, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5260239 second address: 526023D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 526023D second address: 5260243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5260243 second address: 5260249 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5260249 second address: 52602C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov edx, eax 0x0000000f pushfd 0x00000010 jmp 00007F8F4CECCCF0h 0x00000015 jmp 00007F8F4CECCCF5h 0x0000001a popfd 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e jmp 00007F8F4CECCCEEh 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F8F4CECCCEDh 0x0000002d or ax, 2466h 0x00000032 jmp 00007F8F4CECCCF1h 0x00000037 popfd 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52602C1 second address: 52602C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290E0D second address: 5290E11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290E11 second address: 5290E28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52705B9 second address: 52705BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52705BF second address: 52705FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F8F4C502412h 0x00000014 xor esi, 15E4DB58h 0x0000001a jmp 00007F8F4C50240Bh 0x0000001f popfd 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52705FA second address: 5270652 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8F4CECCCF6h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d mov ebx, 412AA564h 0x00000012 movsx ebx, cx 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F8F4CECCCF1h 0x00000020 sbb ecx, 59953056h 0x00000026 jmp 00007F8F4CECCCF1h 0x0000002b popfd 0x0000002c pushad 0x0000002d popad 0x0000002e popad 0x0000002f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5270652 second address: 5270660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4C50240Ah 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5270660 second address: 5270664 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5270664 second address: 527069F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F8F4C502417h 0x0000000f mov eax, dword ptr [ebp+08h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8F4C502415h 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 527069F second address: 52706A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52706A5 second address: 52706F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and dword ptr [eax], 00000000h 0x0000000e jmp 00007F8F4C502416h 0x00000013 and dword ptr [eax+04h], 00000000h 0x00000017 pushad 0x00000018 jmp 00007F8F4C50240Eh 0x0000001d movzx eax, di 0x00000020 popad 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52706F5 second address: 52706F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52706F9 second address: 52706FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52706FD second address: 5270703 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5250580 second address: 52505F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx eax, dx 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F8F4C502418h 0x00000017 add ah, 00000068h 0x0000001a jmp 00007F8F4C50240Bh 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F8F4C502418h 0x00000026 or ax, A7C8h 0x0000002b jmp 00007F8F4C50240Bh 0x00000030 popfd 0x00000031 popad 0x00000032 xchg eax, ebp 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52505F1 second address: 52505F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52505F5 second address: 52505FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52505FB second address: 5250628 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8F4CECCCF8h 0x00000009 sub ah, 00000058h 0x0000000c jmp 00007F8F4CECCCEBh 0x00000011 popfd 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 527018E second address: 5270194 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5270194 second address: 5270198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5270198 second address: 52701D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F8F4C502417h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8F4C502415h 0x00000017 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52703CD second address: 52703D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52703D1 second address: 52703D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52703D7 second address: 5270413 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8F4CECCCF0h 0x0000000f push eax 0x00000010 jmp 00007F8F4CECCCEBh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5270413 second address: 527042E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 527042E second address: 527047D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, bl 0x00000005 pushfd 0x00000006 jmp 00007F8F4CECCCF0h 0x0000000b adc eax, 1F79F068h 0x00000011 jmp 00007F8F4CECCCEBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c jmp 00007F8F4CECCCF6h 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov ecx, edi 0x00000027 mov edx, 62348D0Ch 0x0000002c popad 0x0000002d rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290600 second address: 5290625 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502419h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290625 second address: 529062A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 529062A second address: 5290660 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502415h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8F4C502418h 0x00000013 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290660 second address: 529066F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 529066F second address: 52906B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502419h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F8F4C50240Eh 0x00000010 xchg eax, ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8F4C502417h 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52906B6 second address: 5290702 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, C8h 0x00000005 mov ecx, 205CCA87h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F8F4CECCCF6h 0x00000016 pushfd 0x00000017 jmp 00007F8F4CECCCF2h 0x0000001c and si, 9E98h 0x00000021 jmp 00007F8F4CECCCEBh 0x00000026 popfd 0x00000027 popad 0x00000028 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290702 second address: 5290786 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502419h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F8F4C50240Eh 0x0000000f mov eax, dword ptr [76FA65FCh] 0x00000014 jmp 00007F8F4C502410h 0x00000019 test eax, eax 0x0000001b pushad 0x0000001c call 00007F8F4C50240Eh 0x00000021 mov ch, 04h 0x00000023 pop edi 0x00000024 jmp 00007F8F4C50240Ch 0x00000029 popad 0x0000002a je 00007F8FBE195608h 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 mov dl, 7Bh 0x00000035 jmp 00007F8F4C502416h 0x0000003a popad 0x0000003b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290786 second address: 52907F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 pushfd 0x00000007 jmp 00007F8F4CECCCEDh 0x0000000c sbb eax, 55016306h 0x00000012 jmp 00007F8F4CECCCF1h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ecx, eax 0x0000001d jmp 00007F8F4CECCCEEh 0x00000022 xor eax, dword ptr [ebp+08h] 0x00000025 jmp 00007F8F4CECCCF1h 0x0000002a and ecx, 1Fh 0x0000002d jmp 00007F8F4CECCCEEh 0x00000032 ror eax, cl 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52907F2 second address: 529080F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502419h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 529080F second address: 529081F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4CECCCECh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 529081F second address: 5290834 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8F4C50240Ah 0x00000010 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290834 second address: 5290846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4CECCCEEh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290846 second address: 529084A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290913 second address: 5290919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290919 second address: 529091D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 529091D second address: 5290956 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov eax, edx 0x0000000f movsx ebx, cx 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 pushad 0x00000015 mov ax, A17Fh 0x00000019 popad 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F8F4CECCCF3h 0x00000025 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5290956 second address: 529095A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 529095A second address: 5290960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240022 second address: 524008A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8F4C502417h 0x00000009 adc al, FFFFFFDEh 0x0000000c jmp 00007F8F4C502419h 0x00000011 popfd 0x00000012 jmp 00007F8F4C502410h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c mov cl, EAh 0x0000001e movsx edi, si 0x00000021 popad 0x00000022 push eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F8F4C502411h 0x0000002b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 524008A second address: 52400CA instructions: 0x00000000 rdtsc 0x00000002 mov ah, 56h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov edx, 4661A950h 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e mov eax, edi 0x00000010 pushfd 0x00000011 jmp 00007F8F4CECCCF1h 0x00000016 adc cl, FFFFFFD6h 0x00000019 jmp 00007F8F4CECCCF1h 0x0000001e popfd 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52400CA second address: 52400CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52400CE second address: 52400E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52400E1 second address: 5240144 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and esp, FFFFFFF8h 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F8F4C50240Ah 0x00000015 add ax, 2A58h 0x0000001a jmp 00007F8F4C50240Bh 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F8F4C502418h 0x00000026 and eax, 3022B4B8h 0x0000002c jmp 00007F8F4C50240Bh 0x00000031 popfd 0x00000032 popad 0x00000033 xchg eax, ecx 0x00000034 pushad 0x00000035 mov dx, cx 0x00000038 push eax 0x00000039 push edx 0x0000003a mov eax, 2E809D3Dh 0x0000003f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240144 second address: 524015E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8F4CECCCF0h 0x0000000f rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 524015E second address: 5240162 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240162 second address: 5240168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240168 second address: 524016E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 524016E second address: 5240172 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 524022E second address: 5240272 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8F4C50240Bh 0x00000009 or eax, 1E381B6Eh 0x0000000f jmp 00007F8F4C502419h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, esi 0x00000019 pushad 0x0000001a mov si, F193h 0x0000001e push eax 0x0000001f pop ecx 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 push edx 0x00000026 pop esi 0x00000027 mov cl, bh 0x00000029 popad 0x0000002a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240272 second address: 52402CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F8F4CECCCF6h 0x0000000f mov esi, dword ptr [ebp+08h] 0x00000012 jmp 00007F8F4CECCCF0h 0x00000017 xchg eax, edi 0x00000018 jmp 00007F8F4CECCCF0h 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F8F4CECCCEDh 0x00000027 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52402CE second address: 52402D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52402D2 second address: 52402D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52402D8 second address: 5240302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8F4C502417h 0x00000011 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240302 second address: 5240388 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b jmp 00007F8F4CECCCEEh 0x00000010 je 00007F8FBEBAAFCCh 0x00000016 pushad 0x00000017 mov cl, 73h 0x00000019 call 00007F8F4CECCCF3h 0x0000001e pop ecx 0x0000001f popad 0x00000020 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000027 pushad 0x00000028 mov ebx, 7EA41A04h 0x0000002d mov edx, 7C4AD270h 0x00000032 popad 0x00000033 je 00007F8FBEBAAFB1h 0x00000039 pushad 0x0000003a jmp 00007F8F4CECCCF5h 0x0000003f mov ah, EBh 0x00000041 popad 0x00000042 mov edx, dword ptr [esi+44h] 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240388 second address: 524038C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 524038C second address: 52403A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52403A0 second address: 52403F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8F4C502411h 0x00000008 pop esi 0x00000009 call 00007F8F4C502411h 0x0000000e pop esi 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 or edx, dword ptr [ebp+0Ch] 0x00000015 pushad 0x00000016 mov cx, di 0x00000019 popad 0x0000001a test edx, 61000000h 0x00000020 pushad 0x00000021 movsx ebx, cx 0x00000024 movzx eax, dx 0x00000027 popad 0x00000028 jne 00007F8FBE1E06AEh 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F8F4C502410h 0x00000035 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52403F8 second address: 5240425 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, CDh 0x00000005 pushfd 0x00000006 jmp 00007F8F4CECCCEAh 0x0000000b sbb ecx, 7EC1E438h 0x00000011 jmp 00007F8F4CECCCEBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test byte ptr [esi+48h], 00000001h 0x0000001e pushad 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240425 second address: 524045D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F8F4C502410h 0x0000000a add esi, 53C3DE98h 0x00000010 jmp 00007F8F4C50240Bh 0x00000015 popfd 0x00000016 popad 0x00000017 mov dx, cx 0x0000001a popad 0x0000001b jne 00007F8FBE1E0656h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 524045D second address: 5240461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240461 second address: 5240467 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240467 second address: 5240480 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4CECCCF5h 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240480 second address: 52404A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502411h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test bl, 00000007h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov cx, di 0x00000014 movsx edx, cx 0x00000017 popad 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52404A4 second address: 52404AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52404AA second address: 52404AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230793 second address: 5230797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230797 second address: 523079D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 523079D second address: 52307A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52307A3 second address: 52307E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502418h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F8F4C50240Bh 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8F4C502410h 0x0000001b rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52307E2 second address: 52307F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52307F1 second address: 523086D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F8F4C50240Ch 0x00000012 and esp, FFFFFFF8h 0x00000015 jmp 00007F8F4C502410h 0x0000001a xchg eax, ebx 0x0000001b jmp 00007F8F4C502410h 0x00000020 push eax 0x00000021 pushad 0x00000022 jmp 00007F8F4C502411h 0x00000027 popad 0x00000028 xchg eax, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c push esi 0x0000002d pop edi 0x0000002e pushfd 0x0000002f jmp 00007F8F4C502412h 0x00000034 adc si, 27D8h 0x00000039 jmp 00007F8F4C50240Bh 0x0000003e popfd 0x0000003f popad 0x00000040 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 523086D second address: 523094C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F8F4CECCCEEh 0x0000000f push eax 0x00000010 jmp 00007F8F4CECCCEBh 0x00000015 xchg eax, esi 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F8F4CECCCF4h 0x0000001d sub esi, 76402BC8h 0x00000023 jmp 00007F8F4CECCCEBh 0x00000028 popfd 0x00000029 mov ax, 2D3Fh 0x0000002d popad 0x0000002e mov esi, dword ptr [ebp+08h] 0x00000031 jmp 00007F8F4CECCCF2h 0x00000036 sub ebx, ebx 0x00000038 pushad 0x00000039 mov si, di 0x0000003c mov bh, DAh 0x0000003e popad 0x0000003f test esi, esi 0x00000041 jmp 00007F8F4CECCCF2h 0x00000046 je 00007F8FBEBB276Fh 0x0000004c jmp 00007F8F4CECCCF0h 0x00000051 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b pushfd 0x0000005c jmp 00007F8F4CECCCEDh 0x00000061 or esi, 7A7017A6h 0x00000067 jmp 00007F8F4CECCCF1h 0x0000006c popfd 0x0000006d popad 0x0000006e rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 523094C second address: 5230952 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230952 second address: 5230956 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230956 second address: 5230994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ecx, 35D56563h 0x00000012 pushfd 0x00000013 jmp 00007F8F4C502418h 0x00000018 sbb ecx, 42A817A8h 0x0000001e jmp 00007F8F4C50240Bh 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230994 second address: 52309F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F8FBEBB26EBh 0x00000010 pushad 0x00000011 mov di, 0CF0h 0x00000015 pushfd 0x00000016 jmp 00007F8F4CECCCF9h 0x0000001b and ax, 6A76h 0x00000020 jmp 00007F8F4CECCCF1h 0x00000025 popfd 0x00000026 popad 0x00000027 test byte ptr [76FA6968h], 00000002h 0x0000002e pushad 0x0000002f mov edx, esi 0x00000031 mov dl, ch 0x00000033 popad 0x00000034 jne 00007F8FBEBB26B4h 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d movzx ecx, di 0x00000040 mov bh, 30h 0x00000042 popad 0x00000043 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52309F7 second address: 52309FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52309FD second address: 5230A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230A01 second address: 5230A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+0Ch] 0x0000000b jmp 00007F8F4C502419h 0x00000010 xchg eax, ebx 0x00000011 jmp 00007F8F4C50240Eh 0x00000016 push eax 0x00000017 jmp 00007F8F4C50240Bh 0x0000001c xchg eax, ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F8F4C502410h 0x00000026 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230A55 second address: 5230A5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230A5B second address: 5230A90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F8F4C502410h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8F4C50240Dh 0x00000019 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230A90 second address: 5230AA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230AA5 second address: 5230AD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502411h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F8F4C50240Eh 0x0000000f push dword ptr [ebp+14h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230AD2 second address: 5230AD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230AD6 second address: 5230ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230B33 second address: 5230B43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4CECCCECh 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240D92 second address: 5240D98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240D98 second address: 5240DF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 jmp 00007F8F4CECCCF4h 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 pushad 0x00000013 mov edi, eax 0x00000015 movzx ecx, bx 0x00000018 popad 0x00000019 pushfd 0x0000001a jmp 00007F8F4CECCCF5h 0x0000001f add eax, 2F9A12C6h 0x00000025 jmp 00007F8F4CECCCF1h 0x0000002a popfd 0x0000002b popad 0x0000002c mov ebp, esp 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240DF7 second address: 5240DFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240DFB second address: 5240DFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240DFF second address: 5240E05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240E05 second address: 5240E0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240E0B second address: 5240E0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5240B49 second address: 5240B58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0763 second address: 52C0772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F4C50240Ah 0x00000009 popad 0x0000000a rdtsc
                          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B0A29 second address: 52B0A40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0A40 second address: 52B0A77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8F4C50240Fh 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F8F4C502412h 0x00000014 mov dword ptr [esp], ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov bx, C080h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0A77 second address: 52B0A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0A7C second address: 52B0A82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0A82 second address: 52B0A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0A86 second address: 52B0A8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0CF3 second address: 52B0D5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F8F4CECCCF1h 0x00000011 jmp 00007F8F4CECCCEBh 0x00000016 popfd 0x00000017 mov ax, 041Fh 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d jmp 00007F8F4CECCCF2h 0x00000022 mov ebp, esp 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F8F4CECCCF7h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0D5C second address: 52B0D62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0D62 second address: 52B0DBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4CECCCEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+0Ch] 0x0000000e jmp 00007F8F4CECCCF6h 0x00000013 push dword ptr [ebp+08h] 0x00000016 pushad 0x00000017 jmp 00007F8F4CECCCEEh 0x0000001c push ecx 0x0000001d mov cl, dl 0x0000001f pop ecx 0x00000020 popad 0x00000021 push 40227F92h 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F8F4CECCCF5h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0DBF second address: 52B0DEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C502411h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 40237F90h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8F4C50240Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0DEA second address: 52B0DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F4CECCCECh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0E28 second address: 52B0E8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8F4C502417h 0x00000008 pop eax 0x00000009 mov ecx, edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e movzx eax, al 0x00000011 pushad 0x00000012 call 00007F8F4C502411h 0x00000017 pushfd 0x00000018 jmp 00007F8F4C502410h 0x0000001d jmp 00007F8F4C502415h 0x00000022 popfd 0x00000023 pop esi 0x00000024 popad 0x00000025 pop ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0E8D second address: 52B0E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 52B0E91 second address: 52B0EA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F4C50240Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: F1EC95 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 10D2900 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 115FDF0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Special instruction interceptor: First address: 72EC95 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Special instruction interceptor: First address: 8E2900 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Special instruction interceptor: First address: 96FDF0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Special instruction interceptor: First address: 497A58 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Special instruction interceptor: First address: 63B551 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Special instruction interceptor: First address: 639F56 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Special instruction interceptor: First address: 6C593B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Special instruction interceptor: First address: C9FAF0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Special instruction interceptor: First address: C9FBB0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Special instruction interceptor: First address: C9D53E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Special instruction interceptor: First address: ED23F7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Special instruction interceptor: First address: 19DEB7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Special instruction interceptor: First address: 36C604 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Special instruction interceptor: First address: 3478FE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Special instruction interceptor: First address: 3DAA39 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Special instruction interceptor: First address: 1A3BEA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Memory allocated: 4A90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Memory allocated: 4CF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Memory allocated: 4B20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_052B0CC2 rdtsc 0_2_052B0CC2
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window / User API: threadDelayed 1011
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window / User API: threadDelayed 1136
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window / User API: threadDelayed 1113
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window / User API: threadDelayed 1131
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window / User API: threadDelayed 1147
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window / User API: threadDelayed 1164
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window / User API: threadDelayed 1108
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window / User API: threadDelayed 1269
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window / User API: threadDelayed 1005
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window / User API: threadDelayed 1260
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window / User API: threadDelayed 1252
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window / User API: threadDelayed 1219
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window / User API: threadDelayed 1268
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window / User API: threadDelayed 1260
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Window / User API: threadDelayed 1259
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window / User API: threadDelayed 1157
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window / User API: threadDelayed 1155
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window / User API: threadDelayed 1156
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window / User API: threadDelayed 364
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window / User API: threadDelayed 1183
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window / User API: threadDelayed 1127
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window / User API: threadDelayed 1187
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Window / User API: threadDelayed 1185
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1019603001\d0c6b9d6b8.exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[3].exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\ProgramData\nss3.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\ProgramData\freebl3.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[3].exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1019602001\647da3efc5.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1019601001\a53907268b.exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1019604001\0c0e50df68.exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Dropped PE file which has not been started: C:\ProgramData\softokn3.dll
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes (graph_7-20863)
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5328 | Thread sleep count: 1011 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5328 | Thread sleep time: -2023011s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3276 | Thread sleep count: 1136 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3276 | Thread sleep time: -2273136s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6108 | Thread sleep count: 272 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6108 | Thread sleep time: -8160000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3732 | Thread sleep count: 1113 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3732 | Thread sleep time: -2227113s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4676 | Thread sleep count: 1131 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4676 | Thread sleep time: -2263131s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3056 | Thread sleep count: 1147 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3056 | Thread sleep time: -2295147s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5752 | Thread sleep count: 1164 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5752 | Thread sleep time: -2329164s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4140 | Thread sleep count: 1108 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4140 | Thread sleep time: -2217108s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe TID: 5376 | Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe TID: 6104 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com TID: 5860 | Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com TID: 5860 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe TID: 8700 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe TID: 8708 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe TID: 6388 | Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 4856 | Thread sleep count: 1269 > 30
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 4856 | Thread sleep time: -2539269s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 4480 | Thread sleep count: 1005 > 30
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 4480 | Thread sleep time: -2011005s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 5396 | Thread sleep count: 1260 > 30
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 5396 | Thread sleep time: -2521260s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 6668 | Thread sleep time: -44000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 2136 | Thread sleep count: 1252 > 30
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 2136 | Thread sleep time: -2505252s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 2696 | Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 3648 | Thread sleep count: 1219 > 30
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 3648 | Thread sleep time: -2439219s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 6576 | Thread sleep count: 1268 > 30
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 6576 | Thread sleep time: -2537268s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 3628 | Thread sleep count: 1260 > 30
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 3628 | Thread sleep time: -2521260s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 616 | Thread sleep count: 1259 > 30
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 616 | Thread sleep time: -2519259s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6680 | Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6680 | Thread sleep time: -76038s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 980 | Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 2952 | Thread sleep count: 32 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 2952 | Thread sleep time: -64032s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6408 | Thread sleep time: -44000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 940 | Thread sleep count: 33 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 940 | Thread sleep time: -66033s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6476 | Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6476 | Thread sleep time: -70035s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6492 | Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6492 | Thread sleep time: -76038s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6560 | Thread sleep time: -60030s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe TID: 1452 | Thread sleep count: 62 > 30
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe TID: 1452 | Thread sleep count: 84 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6752 | Thread sleep count: 1157 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 6752 | Thread sleep time: -2315157s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 4632 | Thread sleep count: 1155 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 4632 | Thread sleep time: -2311155s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3952 | Thread sleep count: 1156 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3952 | Thread sleep time: -2313156s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3204 | Thread sleep count: 364 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3204 | Thread sleep time: -2184000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3340 | Thread sleep count: 1183 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3340 | Thread sleep time: -2367183s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 2812 | Thread sleep count: 1127 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 2812 | Thread sleep time: -2255127s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3792 | Thread sleep count: 1187 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3792 | Thread sleep time: -2375187s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3528 | Thread sleep count: 1185 > 30
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3528 | Thread sleep time: -2371185s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe TID: 4740 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe TID: 1360 | Thread sleep count: 88 > 30
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe TID: 1360 | Thread sleep count: 85 > 30
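The sleep lines above are easier to read once each thread's "Thread sleep count" and "Thread sleep time" rows are paired: dividing the summed delay by the iteration count gives the per-call interval, and skotes.exe, 580c9354ec.exe and 9f6ea82062.exe all loop on the same 2001 value more than a thousand times (2023011 / 1011, 2539269 / 1269, 2315157 / 1157), while 5936bfa4af.exe requests 922337203685477. That figure is 0x7FFFFFFFFFFFFFFF / 10000, the largest relative interval NtDelayExecution accepts expressed in milliseconds, so the thread never wakes on its own. The Python helper below is an added example for this report, not part of the report or of Joe Sandbox; it parses the report's own field names as printed above, treats the time values in the report's unit, and embeds a handful of the lines from this section as its sample input.

```python
"""Triage helper for the thread-delay lines of a Joe Sandbox report.

Added example, not part of the report or of Joe Sandbox. It pairs each
thread's "Thread sleep count" and "Thread sleep time" lines to recover the
per-iteration delay and flags delay values equal to INT64_MAX expressed in
milliseconds (the "sleep forever" interval). SAMPLE_LINES are excerpted from
the report section above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# 0x7FFFFFFFFFFFFFFF is the largest relative interval a LARGE_INTEGER can hold
# (100-ns ticks). Divided by 10_000 it is the same interval in milliseconds and
# equals the 922337203685477 the report shows for 5936bfa4af.exe.
INFINITE_DELAY_MS = (2**63 - 1) // 10_000

# Matches both the raw extraction, where the two table cells are fused
# ("...exe TID: 5328Thread sleep count: ..."), and a copy with " | " between
# the cells. The leading minus sign on "Thread sleep time" values is dropped.
LINE_RE = re.compile(
    r"Source:\s*(?P<src>.+?)\s*(?:\|\s*)?"
    r"(?:TID:\s*(?P<tid>\d+)\s*(?:\|\s*)?)?"
    r"(?P<kind>Thread sleep count|Thread sleep time|Thread delayed: delay time):\s*"
    r"-?(?P<value>\d+)"
)
KIND = {"Thread sleep count": "count", "Thread sleep time": "time",
        "Thread delayed: delay time": "delayed"}


@dataclass(frozen=True)
class DelayEvent:
    process: str         # image basename, e.g. "skotes.exe"
    tid: Optional[str]   # None for "Thread delayed" lines, which carry no TID
    kind: str            # "count", "time" or "delayed"
    value: int           # in the report's own unit


@dataclass
class SleepLoop:
    process: str
    tid: str
    iterations: int
    total: int

    @property
    def per_iteration(self) -> int:
        """Delay requested per Sleep call, e.g. 2001 for skotes.exe TID 5328."""
        return self.total // self.iterations


def parse_line(line: str) -> Optional[DelayEvent]:
    m = LINE_RE.search(line)
    if m is None:
        return None
    process = m["src"].rstrip("\\").rsplit("\\", 1)[-1]
    return DelayEvent(process, m["tid"], KIND[m["kind"]], int(m["value"]))


def sleep_loops(events: list[DelayEvent]) -> list[SleepLoop]:
    """Threads for which both an iteration count and a summed delay exist."""
    counts: dict[tuple[str, str], int] = {}
    totals: dict[tuple[str, str], int] = {}
    for e in events:
        if e.tid is None:
            continue
        if e.kind == "count":
            counts[(e.process, e.tid)] = e.value
        elif e.kind == "time":
            totals[(e.process, e.tid)] = e.value
    return [SleepLoop(p, t, counts[(p, t)], totals[(p, t)])
            for (p, t) in sorted(counts) if (p, t) in totals]


def infinite_delays(events: list[DelayEvent]) -> list[DelayEvent]:
    """Delays of INT64_MAX ms or more: the thread never wakes up on its own."""
    return [e for e in events if e.value >= INFINITE_DELAY_MS]


def triage(lines: list[str]) -> tuple[list[SleepLoop], list[DelayEvent]]:
    events = [e for e in map(parse_line, lines) if e is not None]
    return sleep_loops(events), infinite_delays(events)


# Excerpted from the report section above (raw extraction form, cells fused).
SAMPLE_LINES = [
    r"Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5328Thread sleep count: 1011 > 30Jump to behavior",
    r"Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5328Thread sleep time: -2023011s >= -30000sJump to behavior",
    r"Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6108Thread sleep count: 272 > 30Jump to behavior",
    r"Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6108Thread sleep time: -8160000s >= -30000sJump to behavior",
    r"Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 4856Thread sleep count: 1269 > 30",
    r"Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe TID: 4856Thread sleep time: -2539269s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 980Thread sleep time: -52026s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3204Thread sleep count: 364 > 30",
    r"Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe TID: 3204Thread sleep time: -2184000s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe TID: 4740Thread sleep time: -922337203685477s >= -30000s",
    r"Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exeThread delayed: delay time: 922337203685477",
    r"Source: C:\Windows\System32\conhost.exeLast function: Thread delayed",
]

if __name__ == "__main__":
    loops, forever = triage(SAMPLE_LINES)
    for loop in loops:
        print(f"{loop.process} TID {loop.tid}: {loop.iterations} sleeps x {loop.per_iteration}")
    for e in forever:
        print(f"{e.process}: delay {e.value} >= INT64_MAX/10000, thread sleeps forever")
```

A thread that has only a "Thread sleep time" row (9f6ea82062.exe TID 980 here) is left out of the loop list rather than guessed at, and the "Last function: Thread delayed" rows from conhost.exe carry no value and are ignored. Feeding the full section through triage() shows that every process in the loop list except skotes.exe TID 6108 (272 x 30000) and 9f6ea82062.exe TID 3204 (364 x 6000) uses the same 2001 interval.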
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 7_2_00386304 FindFirstFileExW,7_2_00386304
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 7_2_003863B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,7_2_003863B5
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_00386304 FindFirstFileExW,9_2_00386304
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Code function: 9_2_003863B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,9_2_003863B5
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\370821
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\370821\
Source: skotes.exe, skotes.exe, 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmp, 9f6ea82062.exe, 00000020.00000002.3948146191.0000000000E2B000.00000040.00000001.01000000.00000012.sdmp, 9f6ea82062.exe, 00000020.00000000.3269607750.0000000000E2B000.00000080.00000001.01000000.00000012.sdmp, 9f6ea82062.exe, 00000024.00000002.4211726440.0000000000E2B000.00000040.00000001.01000000.00000012.sdmp, 9f6ea82062.exe, 00000024.00000000.3409375402.0000000000E2B000.00000080.00000001.01000000.00000012.sdmp, 5936bfa4af.exe, 0000002C.00000002.3629094754.0000000000321000.00000040.00000001.01000000.00000016.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: 17ce3a84e4.exe, 0000001B.00000002.4522542200.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4488835946.00000000014BC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW8
Source: 51ecf08926.exe, 00000021.00000003.3386520776.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3373835811.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3360279867.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3402212541.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3535624044.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3527139592.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3396211918.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3405370218.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3375586091.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3385560100.00000000016DF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWPc:_
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B881000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655
Source: 580c9354ec.exe, 0000001F.00000003.3535882043.0000000005A75000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696428655p
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093424754.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000002.3137952445.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3100957478.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2914135153.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000002.3138117875.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093424754.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2887459258.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2913252442.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014E9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B881000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B881000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                          Source: 51ecf08926.exe, 00000021.00000002.3625843163.00000000016B6000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3593117120.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3592281547.000000000169C000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3589272838.0000000001693000.00000004.00000020.00020000.00000000.sdmp, 51ecf08926.exe, 00000021.00000003.3596659488.00000000016B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW$
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                          Source: 9f6ea82062.exe, 00000020.00000002.3929798314.0000000000994000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWxV
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                          Source: 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B881000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                          Source: 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWQ
                          Source: 580c9354ec.exe, 0000001F.00000003.3535882043.0000000005A75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: YNVMware
                          Source: 9f6ea82062.exe, 00000024.00000002.4260064567.0000000001665000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW+`
                          Source: 9f6ea82062.exe, 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                          Source: file.exe, 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmp, 9f6ea82062.exe, 00000020.00000002.3948146191.0000000000E2B000.00000040.00000001.01000000.00000012.sdmp, 9f6ea82062.exe, 00000024.00000002.4211726440.0000000000E2B000.00000040.00000001.01000000.00000012.sdmp, 5936bfa4af.exe, 0000002C.00000002.3629094754.0000000000321000.00000040.00000001.01000000.00000016.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                          Source: 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWA
                          Source: 9f6ea82062.exe, 00000020.00000000.3269607750.0000000000E2B000.00000080.00000001.01000000.00000012.sdmp, 9f6ea82062.exe, 00000024.00000000.3409375402.0000000000E2B000.00000080.00000001.01000000.00000012.sdmpBinary or memory string: \\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                          Source: 580c9354ec.exe, 0000001F.00000003.3543466891.0000000005A01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                          Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe System information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe File opened: SIWVID
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe System information queried: KernelDebuggerInformation
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_052B0CC2 rdtsc 0_2_052B0CC2
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0043AAB0 LdrInitializeThunk, 9_2_0043AAB0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00374073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00374073
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE652B mov eax, dword ptr fs:[00000030h] 0_2_00EE652B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EEA302 mov eax, dword ptr fs:[00000030h] 0_2_00EEA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_006FA302 mov eax, dword ptr fs:[00000030h] 2_2_006FA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 2_2_006F652B mov eax, dword ptr fs:[00000030h] 2_2_006F652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_006FA302 mov eax, dword ptr fs:[00000030h] 3_2_006FA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 3_2_006F652B mov eax, dword ptr fs:[00000030h] 3_2_006F652B
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_0039C19E mov edi, dword ptr fs:[00000030h] 7_2_0039C19E
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_003616A0 mov edi, dword ptr fs:[00000030h] 7_2_003616A0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_003616A0 mov edi, dword ptr fs:[00000030h] 9_2_003616A0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00381DBC GetProcessHeap, 7_2_00381DBC
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00374073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00374073
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00374067 SetUnhandledExceptionFilter, 7_2_00374067
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00373CB7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 7_2_00373CB7
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_0037CDB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_0037CDB0
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00374073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00374073
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00374067 SetUnhandledExceptionFilter, 9_2_00374067
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_00373CB7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_00373CB7
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 9_2_0037CDB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_0037CDB0
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Memory protected: page guard
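The rows above are flat, one event per line, with the same process repeated many times. When triaging a report like this it helps to fold them into one line per process that names the underlying mechanism (the sandbox prints the information class, not the API), and to separate deliberate checks from noise. The script below is an added example written for this page, not part of the Joe Sandbox report; the sample rows are copied from the section above, and the rule weights and the threshold are assumptions, not anything the report states. Two rows are deliberately scored zero: the `IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter` chain in EUCyhuW.exe is the MSVC CRT's fail-fast path that every release build carries, and tasklist.exe / taskkill.exe enabling the Debug privilege is their normal behaviour.

```python
import re
from collections import defaultdict

# Constructed sample: one representative row per kind from the report's "Anti Debugging"
# section (paths as printed there). Repeated rows map to the same technique and are omitted.
REPORT_ROWS = [
    r"C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe System information queried: CodeIntegrityInformation",
    r"C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger",
    r"C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Thread information set: HideFromDebugger",
    r"C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: ollydbg",
    r"C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe Open window title or class name: procmon_window_class",
    r"C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe File opened: SICE",
    r"C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe System information queried: KernelDebuggerInformation",
    r"C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe Memory protected: page guard",
    r"C:\Users\user\Desktop\file.exe Process queried: DebugPort",
    r"C:\Users\user\Desktop\file.exe Code function: 0_2_052B0CC2 rdtsc 0_2_052B0CC2",
    r"C:\Users\user\Desktop\file.exe Code function: 0_2_00EE652B mov eax, dword ptr fs:[00000030h] 0_2_00EE652B",
    r"C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_00374073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00374073",
    r"C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug",
]

# (row pattern, underlying API or mechanism, weight). Weights are an assumption for this
# example; 0 marks rows that are normal for a release build or a system tool.
RULES = [
    (r"Thread information set: HideFromDebugger", "NtSetInformationThread(ThreadHideFromDebugger)", 3),
    (r"Process queried: DebugPort", "NtQueryInformationProcess(ProcessDebugPort)", 2),
    (r"System information queried: KernelDebuggerInformation", "NtQuerySystemInformation(SystemKernelDebuggerInformation)", 2),
    (r"System information queried: CodeIntegrityInformation", "NtQuerySystemInformation(SystemCodeIntegrityInformation)", 1),
    (r"fs:\[00000030h\]", "PEB read via fs:[0x30] (BeingDebugged / NtGlobalFlag)", 1),
    (r"\brdtsc\b", "rdtsc timing check", 1),
    (r"Open window title or class name: (ollydbg|procmon_window_class|regmonclass|filemonclass|gbdyllo|.* - sysinternals)",
     "FindWindow for debugger / monitor windows", 2),
    (r"File opened: (SICE|NTICE|SIWVID)$", r"SoftICE device open (\\.\SICE, \\.\NTICE, \\.\SIWVID)", 1),
    (r"Memory protected: page guard", "PAGE_GUARD set (guard-page tripwire, possible)", 1),
    (r"IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter", "MSVC CRT fail-fast path (noise)", 0),
    (r"Process token adjusted: Debug", "SeDebugPrivilege enabled (normal for tasklist/taskkill)", 0),
]


def parse_row(row):
    """Split a row into (process path, event text); the fused 'file.exeThread ...' form also parses."""
    m = re.match(r"(?P<path>.+?\.exe)\s*(?P<event>.+)$", row)
    return (m.group("path"), m.group("event")) if m else None


def classify(event):
    return [(api, weight) for pattern, api, weight in RULES if re.search(pattern, event, re.IGNORECASE)]


def triage(rows):
    """Per process: the distinct mechanisms seen and their summed weight."""
    seen = defaultdict(dict)
    for row in rows:
        parsed = parse_row(row)
        if parsed is None:
            continue
        path, event = parsed
        name = path.rsplit("\\", 1)[-1]
        for api, weight in classify(event):
            seen[name][api] = weight          # one entry per mechanism, however often it repeats
    return {name: {"techniques": sorted(apis), "score": sum(apis.values())} for name, apis in seen.items()}


def flagged(summary, threshold=3):
    """Processes whose score reaches the (assumed) threshold, sorted by name."""
    return sorted(name for name, info in summary.items() if info["score"] >= threshold)


if __name__ == "__main__":
    summary = triage(REPORT_ROWS)
    for name in flagged(summary):
        print(name, summary[name]["score"], *summary[name]["techniques"], sep="\n  ")
```

`parse_row` accepts both the spaced and the fused row layout, so the same script runs over a raw copy of the report. Keeping one dictionary entry per mechanism is deliberate: the report lists `DebugPort` nine times for skotes.exe, and counting repeats would only measure how often the sandbox hooked the call, not what the sample does.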

HIPS / PFW / Operating System Protection Evasion

Source: Yara match File source: Process Memory Space: 9f6ea82062.exe PID: 932, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 9f6ea82062.exe PID: 3940, type: MEMORYSTR
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: 7_2_0039C19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread, 7_2_0039C19E
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Memory written: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe Memory written: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe base: 400000 value starts with: 4D5A
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: rapeflowwj.lat
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: crosshuaht.lat
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: sustainskelet.lat
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aspecteirs.lat
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: energyaffai.lat
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: necklacebudi.lat
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: discokeyus.lat
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: grannyejh.lat
Source: EUCyhuW.exe, 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: bellflamre.click
Source: 17ce3a84e4.exe, 0000001B.00000002.4530305949.00000000015D0000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: fieldhitty.click
Source: 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: pancakedipyps.click
Source: 580c9354ec.exe, 0000001F.00000003.3226351387.0000000004EF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: sweepyribs.lat
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe "C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe "C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe "C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe "C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe "C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe "C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe "C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe "C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe "C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Process created: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe "C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe"
Source: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 370821
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Anchor" Veterinary
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Genre + ..\Mj + ..\Discs + ..\Receiving + ..\Mysterious + ..\Aka w
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\370821\Sale.com Sale.com w
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe Process created: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe "C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe"
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: Sale.com, 00000018.00000000.2879528289.0000000000843000.00000002.00000001.01000000.0000000D.sdmp, 51ecf08926.exe, 00000021.00000000.3354831484.00000000004A2000.00000002.00000001.01000000.00000013.sdmp, 51ecf08926.exe, 00000032.00000000.3491748335.00000000004A2000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: skotes.exe, skotes.exe, 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmp, 9f6ea82062.exe, 00000024.00000002.4225691431.0000000000E6F000.00000040.00000001.01000000.00000012.sdmp Binary or memory string: Program Manager
Source: 5936bfa4af.exe, 0000002C.00000002.3642079118.0000000000375000.00000040.00000001.01000000.00000016.sdmp Binary or memory string: .Program Manager
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetLocaleInfoW, 7_2_003811AC
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 7_2_0038566E
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: EnumSystemLocalesW, 7_2_003816A7
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: EnumSystemLocalesW, 7_2_003858BF
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 7_2_0038595A
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: EnumSystemLocalesW, 7_2_00385BAD
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetLocaleInfoW, 7_2_00385C0C
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: EnumSystemLocalesW, 7_2_00385CE1
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetLocaleInfoW, 7_2_00385D2C
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 7_2_00385DD3
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetLocaleInfoW, 7_2_00385ED9
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetLocaleInfoW, 9_2_003811AC
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 9_2_0038566E
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: EnumSystemLocalesW,9_2_003816A7
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: EnumSystemLocalesW,9_2_003858BF
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,9_2_0038595A
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: EnumSystemLocalesW,9_2_00385BAD
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: GetLocaleInfoW,9_2_00385C0C
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: EnumSystemLocalesW,9_2_00385CE1
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: GetLocaleInfoW,9_2_00385D2C
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_00385DD3
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeCode function: GetLocaleInfoW,9_2_00385ED9
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019601001\a53907268b.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019602001\647da3efc5.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019603001\d0c6b9d6b8.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019604001\0c0e50df68.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019605001\5e8e6b1f32.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019606001\6dc8db9c72.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019607001\6377f21e05.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019608001\90e2c6db43.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019609001\7defc08b02.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019610001\murrgHN.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019611001\df0ad61c61.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019612001\a389bef3dc.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019613001\1ba4718074.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019614001\408fbd4e57.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019615001\9e7a844ab2.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1019616001\dfe1c8ec1f.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ECCBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_00ECCBEA
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | Registry value created: DisableNotifications 1
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Registry value created: TamperProtection 0
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
Source: EUCyhuW.exe, 00000009.00000003.2913252442.0000000000E8B000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2914135153.0000000000E8B000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2913722505.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2913252442.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3659052898.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3593252563.0000000001101000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3589106795.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548508878.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3870761939.00000000011AA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\370821\Sale.com | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1019602001\647da3efc5.exe, type: DROPPED
                          Source: Yara matchFile source: 0.2.file.exe.eb0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 2.2.skotes.exe.6c0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.skotes.exe.6c0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 51ecf08926.exe PID: 1844, type: MEMORYSTR
                          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: EUCyhuW.exe PID: 344, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 412ec13ac5.exe PID: 4788, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 580c9354ec.exe PID: 6008, type: MEMORYSTR
                          Source: Yara matchFile source: 9.2.EUCyhuW.exe.400000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 9.2.EUCyhuW.exe.400000.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000024.00000002.4203714163.0000000000A51000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000020.00000003.3308819951.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000020.00000002.3942624190.0000000000A51000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000024.00000003.3428194939.00000000052B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: 9f6ea82062.exe PID: 932, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 9f6ea82062.exe PID: 3940, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: 9f6ea82062.exe PID: 932, type: MEMORYSTR
                          Source: EUCyhuW.exe, 00000009.00000003.3093948172.0000000000EFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                          Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000AD4000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: |0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                          Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/JAXX New Version
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000AD4000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: |0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000AD4000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: |0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000AD4000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: |0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Exodus
Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum
Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E8B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: EUCyhuW.exe, 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
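The pipe-delimited string that 9f6ea82062.exe carries in memory is its wallet target table: one record per wallet, each made of a display name, a root-folder code, a directory relative to that root, a file mask and a trailing flag. The parser below is an added example, not code from this report or from the malware. It treats the dump as a memory carve that may begin and end mid-record (this one opens with the "|0|" tail of an earlier entry), finds the 5-field alignment that fits every complete record, and expands each entry to the Windows path pattern a defender could audit or seed with canary files. The root-code mapping (1 = %APPDATA%, 2 = %USERPROFILE%, inferred from the .chia paths) and the reading of the last flag as "recurse" are assumptions, not something the sample documents.

```python
"""Parser for the pipe-delimited wallet target list found in 9f6ea82062.exe.
Added example; not code from the report or the malware.  Assumed layout:
    name | root_code | relative_dir | file_mask | recurse_flag
The root-code mapping and the meaning of the last flag are assumptions."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

FIELDS = 5
ROOT_BY_CODE = {"1": "%APPDATA%", "2": "%USERPROFILE%"}  # assumption, see above

# Dump copied from the report's memory string; it starts with the tail of an
# earlier record ("|0|"), exactly what a carve from a memory page looks like.
WALLET_CONFIG_BLOB = (
    r"|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|"
    r"Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|"
    r"Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|"
    r"Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|"
    r"Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|"
    r"ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|"
    r"Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|"
    r"Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|"
    r"Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|"
    r"Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|"
    r"Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|"
    r"Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|"
    r"Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|"
    r"Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|"
    r"Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|"
    r"Binance|1|\Binance\|.finger-print.fp|0|"
    r"Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|"
    r"Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|"
    r"Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|"
    r"Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|"
    r"Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|"
    r"Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|"
    r"Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|"
    r"\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|"
    r"Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|"
)


@dataclass(frozen=True)
class WalletTarget:
    name: str
    root_code: str
    rel_dir: str
    mask: str
    recurse: bool

    def expanded(self) -> str:
        """Windows path pattern a defender can audit or seed with canary files."""
        root = ROOT_BY_CODE.get(self.root_code, f"<root{self.root_code}>")
        return root + self.rel_dir.rstrip("\\") + "\\" + self.mask


def _looks_like_record(fields: list[str]) -> bool:
    # Layout constraints every real record satisfies: numeric root code,
    # directory starting with a backslash, a mask, and a 0/1 flag.
    name, root, rel, mask, rec = fields
    return bool(name) and root.isdigit() and rel.startswith("\\") and bool(mask) and rec in ("0", "1")


def parse_wallet_config(blob: str) -> list[WalletTarget]:
    """Recover all complete records from a dump that may start mid-record.

    Each of the five possible alignments is tried; the first one in which every
    complete 5-token group satisfies the layout wins, and the leading and
    trailing partial records are discarded.
    """
    tokens = blob.split("|")
    for offset in range(FIELDS):
        groups = [tokens[i:i + FIELDS] for i in range(offset, len(tokens) - FIELDS + 1, FIELDS)]
        if groups and all(_looks_like_record(g) for g in groups):
            return [WalletTarget(name, root, rel, mask, rec == "1") for name, root, rel, mask, rec in groups]
    raise ValueError("no 5-field alignment fits the dump")


def recursive_targets(targets: list[WalletTarget]) -> list[str]:
    """Names of entries whose directory is walked recursively (assumed flag)."""
    return [t.name for t in targets if t.recurse]


def targets_by_root(targets: list[WalletTarget]) -> Counter[str]:
    return Counter(ROOT_BY_CODE.get(t.root_code, t.root_code) for t in targets)


if __name__ == "__main__":
    targets = parse_wallet_config(WALLET_CONFIG_BLOB)
    print(f"{len(targets)} targets, per root: {dict(targets_by_root(targets))}")
    for t in targets:
        print(("R " if t.recurse else "  ") + t.expanded())
```

The alignment search is what makes this usable on real carves: Vidar-family configs are usually recovered from a memory page rather than a clean file, so the first and last records are routinely cut, and a parser that assumes the string starts on a record boundary silently shifts every field by one.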
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\FTPbox
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTP
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\FTPRush
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\Binance
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\EIVQSAOTAQJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\EIVQSAOTAQJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\EIVQSAOTAQJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\EIVQSAOTAQJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\EIVQSAOTAQ
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\EIVQSAOTAQ
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\GRXZDKKVDB
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\EWZCVGNOWT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\EWZCVGNOWT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\EWZCVGNOWT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\EWZCVGNOWT
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\EIVQSAOTAQ
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\EIVQSAOTAQ
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\370821\Sale.comDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\EIVQSAOTAQ
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\EIVQSAOTAQ
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWT
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWT
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDB
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDB
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMA
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMA
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDB
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDB
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMA
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMA
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exeDirectory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\EIVQSAOTAQ
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\EWZCVGNOWT
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\GRXZDKKVDB
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\NWCXBPIUYI
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\NYMMPCEIMA
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\BJZFPPWAPT
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\EIVQSAOTAQ
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\EWZCVGNOWT
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\GRXZDKKVDB
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\LIJDSFKJZG
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\NWCXBPIUYI
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\NYMMPCEIMA
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\PALRGUCVEH
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: C:\Users\user\Documents\VWDFPKGDUF
                          Source: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe; Directory queried: number of queries: 1001
                          Source: C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe; Directory queried: number of queries: 1001
                          Source: Yara match; File source: 0000001E.00000003.3598848162.0000000001138000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000001F.00000003.3614760975.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000001F.00000003.3572256199.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000001E.00000003.3466744227.0000000001176000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000003.2889042019.0000000000EAA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000003.2913722505.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000001F.00000003.3803442222.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000001E.00000003.3479771297.0000000001138000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000003.2887992510.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000001E.00000003.3468708215.0000000001123000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000003.2887459258.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000003.2913252442.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 0000001E.00000003.3593252563.000000000111D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: Process Memory Space: EUCyhuW.exe PID: 344, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: 412ec13ac5.exe PID: 4788, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: 580c9354ec.exe PID: 6008, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: 9f6ea82062.exe PID: 932, type: MEMORYSTR

                          Remote Access Functionality

                          Source: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                          Source: Yara match; File source: Process Memory Space: 51ecf08926.exe PID: 1844, type: MEMORYSTR
                          Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: EUCyhuW.exe PID: 344, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: 412ec13ac5.exe PID: 4788, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: 580c9354ec.exe PID: 6008, type: MEMORYSTR
                          Source: Yara match; File source: 9.2.EUCyhuW.exe.400000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 9.2.EUCyhuW.exe.400000.1.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000024.00000002.4203714163.0000000000A51000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000020.00000003.3308819951.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000020.00000002.3942624190.0000000000A51000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000024.00000003.3428194939.00000000052B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: Process Memory Space: 9f6ea82062.exe PID: 932, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: 9f6ea82062.exe PID: 3940, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: 9f6ea82062.exe PID: 932, type: MEMORYSTR
                          ATT&CK Matrix (one line per tactic, techniques listed in the report's row order; a number in parentheses is the report's count of matching signatures for that technique, techniques without a number had no match)

                          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                          Execution: Windows Management Instrumentation (21); Native API (11); Command and Scripting Interpreter (2); Scheduled Task/Job (1); PowerShell (1); Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                          Persistence: DLL Side-Loading (1); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (11); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                          Privilege Escalation: DLL Side-Loading (1); Bypass User Account Control (2); Extra Window Memory Injection (1); Process Injection (212); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (11); Startup Items; Scheduled Task/Job; At; Cron
                          Defense Evasion: Disable or Modify Tools (411); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (5); Software Packing (12); DLL Side-Loading (1); Bypass User Account Control (2); Extra Window Memory Injection (1); Masquerading (111); Virtualization/Sandbox Evasion (471); Process Injection (212)
                          Credential Access: OS Credential Dumping (2); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                          Discovery: System Time Discovery (1); File and Directory Discovery (23); System Information Discovery (247); Security Software Discovery (991); Process Discovery (4); Virtualization/Sandbox Evasion (471); Application Window Discovery (1); System Owner/User Discovery; Network Sniffing; Network Service Discovery
                          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                          Collection: Archive Collected Data (1); Data from Local System (41); Screen Capture (1); Clipboard Data (2); Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                          Command and Control: Ingress Tool Transfer (1); Encrypted Channel (2); Remote Access Software (1); Application Layer Protocol (1); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement

                          Legend:

                          • Process
                          • Signature
                          • Created File
                          • DNS/IP Info
                          • Is Dropped
                          • Is Windows Process
                          • Number of created Registry Values
                          • Number of created Files
                          • Visual Basic
                          • Delphi
                          • Java
                          • .Net C# or VB.NET
                          • C, C++ or other language
                          • Is malicious
                          • Internet
                          [Behavior Graph: ID 1579344, Sample: file.exe, Startdate: 21/12/2024, Architecture: WINDOWS, Score: 100. Top-level signatures: Found malware configuration; Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; 17 other signatures. Processes started at the root: skotes.exe, file.exe, skotes.exe and 3 other processes. The graph's process, dropped-file, DNS/IP and signature edges exist only in the rendered image and are not preserved in this text export.]

Source | Detection | Scanner | Label | Link
file.exe | 58% | Virustotal | | Browse
file.exe | 55% | ReversingLabs | Win32.Infostealer.Tinba |
file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
file.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Avira | TR/ATRAPS.Gen |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Avira | TR/Crypt.XPACK.Gen |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Avira | TR/Crypt.XPACK.Gen |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Avira | TR/Crypt.TPM.Gen |
C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\hYW0tgm[1].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\EUCyhuW[1].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[3].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Joe Sandbox ML | |
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 55% | ReversingLabs | Win32.Infostealer.Tinba |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe | 47% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[3].exe | 63% | ReversingLabs | Win32.Ransomware.Generic |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe | 18% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[3].exe | 87% | ReversingLabs | Win32.Trojan.Amadey |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe | 68% | ReversingLabs | Win32.Trojan.LummaStealer |
C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe | 18% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe | 68% | ReversingLabs | Win32.Trojan.LummaStealer |
C:\Users\user\AppData\Local\Temp\1019601001\a53907268b.exe | 47% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Local\Temp\1019602001\647da3efc5.exe | 55% | ReversingLabs | Win32.Infostealer.Tinba |
C:\Users\user\AppData\Local\Temp\1019603001\d0c6b9d6b8.exe | 87% | ReversingLabs | Win32.Trojan.Amadey |
C:\Users\user\AppData\Local\Temp\1019604001\0c0e50df68.exe | 63% | ReversingLabs | Win32.Ransomware.Generic |
C:\Users\user\AppData\Local\Temp\370821\Sale.com | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | 55% | ReversingLabs | Win32.Infostealer.Tinba |
                          No Antivirus matches
                          No Antivirus matches
                          No Antivirus matches
                          No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
aspecteirs.lat | false | | high
sustainskelet.lat | false | | high
rapeflowwj.lat | false | | high
energyaffai.lat | false | | high
grannyejh.lat | false | | high
necklacebudi.lat | false | | high
crosshuaht.lat | false | | high
bellflamre.click | true | | unknown
http://185.215.113.206/c4becf79229cb002.php | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll | 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://fieldhitty.click:443/api | 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014CF000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://duckduckgo.com/chrome_newtab | EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://fieldhitty.click/api& | 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://duckduckgo.com/ac/?q= | EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://185.215.113.206/ | 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://discokeyus.lat/V | EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://discokeyus.lat/apiLb | EUCyhuW.exe, 00000009.00000003.3093424754.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000002.3138189518.0000000000F03000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://discokeyus.lat/Q | EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://pancakedipyps.click/ | 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3373433430.00000000038FE000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3622898084.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3298472752.00000000038E9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3551750660.000000000117D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3412770399.0000000003905000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3592146204.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3657261192.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3412261797.00000000038FC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3298172128.00000000038E9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3658768402.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3374828427.0000000003905000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3593252563.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548292393.0000000001176000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://185.215.113.206/68b591d6548ec281/mozglue.dll. | 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.215.113.206/c4becf79229cb002.phpation | 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | false | | high
http://185.215.113.206/68b591d6548ec281/freebl3.dll | 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://185.215.113.206/68b591d6548ec281/nss3.dll | 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://pancakedipyps.click:443/api( | 412ec13ac5.exe, 0000001E.00000003.3412770399.000000000390E000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548818763.000000000390E000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://fieldhitty.click/api9 | 17ce3a84e4.exe, 0000001B.00000003.4488835946.00000000014C6000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://pancakedipyps.click/2 | 412ec13ac5.exe, 0000001E.00000003.3207422516.0000000001138000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.215.113.206FCG | 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | false | | unknown
https://pancakedipyps.click/. | 412ec13ac5.exe, 0000001E.00000003.3179102375.0000000001139000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://pancakedipyps.click/api | 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3589106795.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3298372606.0000000001196000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3467586885.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3658768402.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548508878.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3593252563.000000000111D000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://185.215.113.206/c4becf79229cb002.phpinit.exe | 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | false | | high
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# | skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.microsoft.x | 580c9354ec.exe, 0000001F.00000003.3614760975.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3572256199.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3870761939.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3803442222.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3927069843.00000000011AA000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://www.mozilla.com/en-US/blocklist/ | 9f6ea82062.exe, 00000020.00000002.4069578254.000000006C0DD000.00000002.00000001.01000000.0000001E.sdmp | false | | high
http://185.215.113.206/c4becf79229cb002.phpe13b062b4c5e95f4989d6bd1e553 | 9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmp | false | | unknown
https://discokeyus.lat/JJFf | EUCyhuW.exe, 00000009.00000003.2828355789.0000000003773000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://185.215.113.206/c4becf79229cb002.php34 | 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.215.113.206/Local | 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.rootca1.amazontrust.com/rootca1.crl0 | EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.autoitscript.com/autoit3/X | SurveillanceWalls.exe, 0000000E.00000002.2860963000.0000000000420000.00000004.00000001.01000000.0000000B.sdmp, Sale.com, 00000018.00000000.2879703042.0000000000855000.00000002.00000001.01000000.0000000D.sdmp | false | | high
http://ocsp.rootca1.amazontrust.com0: | EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://185.215.113.206b | 9f6ea82062.exe, 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://nsis.sf.net/NSIS_ErrorError | SurveillanceWalls.exe, 0000000E.00000002.2860938966.0000000000409000.00000002.00000001.01000000.0000000B.sdmp, SurveillanceWalls.exe, 0000000E.00000000.2852400591.0000000000409000.00000002.00000001.01000000.0000000B.sdmp | false | | high
https://www.ecosia.org/newtab/ | EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://185.215.113.206/c4becf79229cb002.php8 | 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://185.215.113.206/c4becf79229cb002.php; | 9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://fieldhitty.click/api | 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://185.215.113.16/off/def.exe? | 580c9354ec.exe, 0000001F.00000003.4347342206.0000000001215000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.4358124840.0000000001215000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://pancakedipyps.click/api- | 412ec13ac5.exe, 0000001E.00000003.3207422516.0000000001138000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z | skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL | 9f6ea82062.exe, 00000020.00000003.3834740498.000000000BA2B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref | EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://pancakedipyps.click/api$ | 412ec13ac5.exe, 0000001E.00000003.3632525311.0000000001139000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3622898084.0000000001139000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000002.3658232025.0000000001139000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477 | EUCyhuW.exe, 00000009.00000003.2856083987.000000000378F000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3385290739.000000000390D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3641823591.0000000005A5F000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://185.215.113.16/off/def.exe | 580c9354ec.exe, 0000001F.00000003.4347342206.0000000001215000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.4360295909.00000000059D2000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.4358124840.0000000001215000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://pancakedipyps.click/pi | 412ec13ac5.exe, 0000001E.00000003.3551750660.000000000117D000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3592146204.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3548292393.0000000001176000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                                                                                  high
                                                                                                                                                  http://185.215.113.206/68b591d6548ec281/vcruntime140.dll9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://ocsp.sectigo.com0skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://185.215.113.206/99f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.comskotes.exe, 00000006.00000003.4278061535.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4281279423.0000000005BB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi9f6ea82062.exe, 00000020.00000002.4054758953.000000000B8E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://discokeyus.lat/apiHEUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://185.215.113.206/c4becf79229cb002.phpl9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://185.215.113.206/c4becf79229cb002.phpo9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=EUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://discokeyus.lat/api/580c9354ec.exe, 0000001F.00000003.3694965286.0000000001225000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3684252207.0000000001225000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3763354814.0000000001224000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3669275426.0000000001224000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://discokeyus.lat/apiEUCyhuW.exe, 00000009.00000003.2851829493.0000000003787000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093424754.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E69000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852265070.000000000378A000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852327758.0000000003773000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000002.3138189518.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2913644011.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000002.3138169097.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2913722505.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2804303481.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2878424864.0000000003791000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093424754.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.3093948172.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2877959925.0000000003791000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852015292.0000000003773000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2930693716.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 
00000009.00000003.2913252442.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852833290.0000000003773000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3694965286.0000000001225000.00000004.00000020.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3614760975.00000000011AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://185.215.113.206/68b591d6548ec281/sqlite3.dll9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://185.215.113.206/c4becf79229cb002.php/a9f6ea82062.exe, 00000024.00000002.4260064567.000000000164D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://pancakedipyps.click:443/api412ec13ac5.exe, 0000001E.00000003.3438661334.000000000390E000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3596871072.000000000390E000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3452315135.000000000390E000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3480531158.000000000390E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://github.com/Urijas/moperats/raw/refs/heads/main/biyjdfjadaw.exeskotes.exe, 00000006.00000003.4278061535.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4281279423.0000000005BB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://185.215.113.206/68b591d6548ec281/softokn3.dllg9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://pancakedipyps.click/apiIV412ec13ac5.exe, 0000001E.00000002.3659052898.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000118F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://fieldhitty.click/c17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://x1.c.lencr.org/0EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://x1.i.lencr.org/0EUCyhuW.exe, 00000009.00000003.2853484209.00000000037FD000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3378806018.000000000397D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3603169180.0000000005A83000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchEUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://185.215.113.206/68b591d6548ec281/mozglue.dll9f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://support.mozilla.org/products/firefoxgro.all580c9354ec.exe, 0000001F.00000003.3627062430.00000000060B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://185.215.113.206c4becf79229cb002.phpion:9f6ea82062.exe, 00000020.00000002.3942624190.0000000000BB7000.00000040.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://www.sqlite.org/copyright.html.9f6ea82062.exe, 00000020.00000002.4047572344.0000000005794000.00000004.00000020.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000002.4066981270.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://fieldhitty.click/17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014CF000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4498901768.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000002.4524131042.00000000014E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://fieldhitty.click/apii17ce3a84e4.exe, 0000001B.00000002.4522542200.00000000014BC000.00000004.00000020.00020000.00000000.sdmp, 17ce3a84e4.exe, 0000001B.00000003.4488835946.00000000014BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://pancakedipyps.click/apiDV412ec13ac5.exe, 0000001E.00000002.3659052898.000000000118F000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3630270875.000000000118F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://sectigo.com/CPS0skotes.exe, 00000006.00000003.4278061535.0000000005B63000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000003.4278061535.0000000005B81000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001C.00000002.3169413863.0000000000EDE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icoEUCyhuW.exe, 00000009.00000003.2805310164.0000000003728000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805076562.000000000372B000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2805196036.0000000003728000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3245396945.00000000038AC000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3250034677.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3249885987.00000000038A9000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3466602606.0000000005A0D000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3467960261.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 580c9354ec.exe, 0000001F.00000003.3476918307.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, 9f6ea82062.exe, 00000020.00000003.3531478078.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://discokeyus.lat/90BHEUCyhuW.exe, 00000009.00000003.2852327758.0000000003784000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852015292.0000000003784000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2888145590.0000000003784000.00000004.00000800.00020000.00000000.sdmp, EUCyhuW.exe, 00000009.00000003.2852833290.0000000003784000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://pancakedipyps.click/M412ec13ac5.exe, 0000001E.00000003.3207422516.0000000001138000.00000004.00000020.00020000.00000000.sdmp, 412ec13ac5.exe, 0000001E.00000003.3207231180.000000000111D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      http://185.215.113.206/68b591d6548ec281/msvcp140.dll9f6ea82062.exe, 00000020.00000002.3929798314.00000000009A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://185.215.113.206/c4becf79229cb002.phpP59f6ea82062.exe, 00000020.00000002.3929798314.00000000009C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          http://185.215.113.16/steam/random.exe580c9354ec.exe, 0000001F.00000003.4358124840.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
Contacted IPs

IP               Domain   Country             ASN      ASN Name                        Malicious
185.215.113.43   unknown  Portugal            206894   WHOLESALECONNECTIONSNL          true
104.21.21.99     unknown  United States       13335    CLOUDFLARENETUS                 false
1.1.1.1          unknown  Australia           13335    CLOUDFLARENETUS                 false
52.217.122.113   unknown  United States       16509    AMAZON-02US                     false
172.217.17.78    unknown  United States       15169    GOOGLEUS                        false
172.67.141.124   unknown  United States       13335    CLOUDFLARENETUS                 false
185.215.113.16   unknown  Portugal            206894   WHOLESALECONNECTIONSNL          false
142.250.181.132  unknown  United States       15169    GOOGLEUS                        false
34.107.221.82    unknown  United States       15169    GOOGLEUS                        false
172.67.209.202   unknown  United States       13335    CLOUDFLARENETUS                 false
239.255.255.250  unknown  Reserved            unknown  unknown                         false
20.42.73.29      unknown  United States       8075     MICROSOFT-CORP-MSN-AS-BLOCKUS   false
104.21.63.229    unknown  United States       13335    CLOUDFLARENETUS                 false
185.215.113.206  unknown  Portugal            206894   WHOLESALECONNECTIONSNL          true
64.233.162.84    unknown  United States       15169    GOOGLEUS                        false
35.190.72.216    unknown  United States       15169    GOOGLEUS                        false
142.250.181.78   unknown  United States       15169    GOOGLEUS                        false
142.250.181.99   unknown  United States       15169    GOOGLEUS                        false
185.166.143.50   unknown  Germany             16509    AMAZON-02US                     false
31.41.244.11     unknown  Russian Federation  61974    AEROEXPRESS-ASRU                false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579344
Start date and time: 2024-12-21 20:14:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 19m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 54
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@114/80@0/21
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Max analysis timeout: 600s exceeded, the analysis took too long
• Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryDirectoryFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time      Type             Description
14:16:01  API Interceptor  10080265x Sleep call for process: skotes.exe modified
14:16:11  API Interceptor  9x Sleep call for process: EUCyhuW.exe modified
14:16:21  API Interceptor  1x Sleep call for process: SurveillanceWalls.exe modified
14:16:43  API Interceptor  1x Sleep call for process: WerFault.exe modified
14:16:54  API Interceptor  8x Sleep call for process: 412ec13ac5.exe modified
14:17:01  API Interceptor  20x Sleep call for process: Sale.com modified
14:17:02  API Interceptor  362472x Sleep call for process: 580c9354ec.exe modified
14:17:21  API Interceptor  73176x Sleep call for process: 9f6ea82062.exe modified
14:19:03  API Interceptor  2x Sleep call for process: 17ce3a84e4.exe modified
20:15:04  Task Scheduler   Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
20:16:57  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 580c9354ec.exe C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe
20:17:07  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9f6ea82062.exe C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
20:17:17  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 51ecf08926.exe C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe
20:17:25  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 580c9354ec.exe C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe
20:17:41  Task Scheduler   Run new task: Gxtuum path: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe
20:17:41  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9f6ea82062.exe C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
20:17:50  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 51ecf08926.exe C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe
20:17:58  Task Scheduler   Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
20:17:59  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 5936bfa4af.exe C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe
                                                                                                                                                                                                                                  20:18:01Task SchedulerRun new task: MyBootTask path: C:\Users\user\AppData\Local\Temp\1019604001\0c0e50df68.exe
                                                                                                                                                                                                                                  20:18:13AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 5936bfa4af.exe C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe
                                                                                                                                                                                                                                  20:18:23AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                                                                                  20:18:32AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                                                                                  20:19:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 1ba4718074.exe C:\Users\user\AppData\Local\Temp\1019613001\1ba4718074.exe
                                                                                                                                                                                                                                  20:19:35AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 408fbd4e57.exe C:\Users\user\AppData\Local\Temp\1019614001\408fbd4e57.exe
                                                                                                                                                                                                                                  20:19:38Task SchedulerRun new task: ServiceData4 path: C:\Users\user\AppData\Local\Temp\/service123.exe
                                                                                                                                                                                                                                  20:19:45AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9e7a844ab2.exe C:\Users\user\AppData\Local\Temp\1019615001\9e7a844ab2.exe
                                                                                                                                                                                                                                  20:19:55AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run dfe1c8ec1f.exe C:\Users\user\AppData\Local\Temp\1019616001\dfe1c8ec1f.exe
                                                                                                                                                                                                                                  20:20:04AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 1ba4718074.exe C:\Users\user\AppData\Local\Temp\1019613001\1ba4718074.exe
                                                                                                                                                                                                                                  20:20:15AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 408fbd4e57.exe C:\Users\user\AppData\Local\Temp\1019614001\408fbd4e57.exe
                                                                                                                                                                                                                                  20:20:24AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9e7a844ab2.exe C:\Users\user\AppData\Local\Temp\1019615001\9e7a844ab2.exe
                                                                                                                                                                                                                                  20:20:33AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run dfe1c8ec1f.exe C:\Users\user\AppData\Local\Temp\1019616001\dfe1c8ec1f.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.215.113.43 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, SystemBC, zgRAT | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | 1QNOKwVoOT.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 185.215.113.43/Zu7JuNko/index.php
185.215.113.43 | R2CgZG545D.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 185.215.113.43/Zu7JuNko/index.php
104.21.21.99 | Set-up!.exe | malicious | LummaC
104.21.21.99 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
104.21.21.99 | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, XWorm
104.21.21.99 | gf3yK6i4OX.exe | malicious | LummaC
104.21.21.99 | 0WO49yZcDA.exe | malicious | LummaC
104.21.21.99 | uDTW3VjJJT.exe | malicious | LummaC, Stealc
104.21.21.99 | u1z7S3hr06.exe | malicious | LummaC, Stealc
104.21.21.99 | NAliwxUTJ4.exe | malicious | LummaC
104.21.21.99 | 1QNOKwVoOT.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar
104.21.21.99 | gJkNLYV0ax.exe | malicious | LummaC
1.1.1.1 | 6fW0GedR6j.xls | malicious | Unknown | 1.1.1.1/ctrl/playback.php
1.1.1.1 | PO-230821_pdf.exe | malicious | FormBook, NSISDropper | www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
1.1.1.1 | AFfv8HpACF.exe | malicious | Unknown | 1.1.1.1/
1.1.1.1 | INVOICE_90990_PDF.exe | malicious | FormBook | www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
1.1.1.1 | Go.exe | malicious | Unknown | 1.1.1.1/
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | LightSpoofer.exe | malicious | Unknown | 104.26.9.59
CLOUDFLARENETUS | Solara-3.0.exe | malicious | LummaC | 172.67.197.170
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 104.21.67.146
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 104.21.67.146
CLOUDFLARENETUS | Rechnung736258.pdf.lnk | malicious | LummaC | 104.21.16.1
CLOUDFLARENETUS | https://shibe-rium.net/ | malicious | Unknown | 104.18.18.237
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 172.67.197.170
CLOUDFLARENETUS | finathot.exe | malicious | RHADAMANTHYS | 172.67.178.25
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 185.215.113.43
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 185.215.113.206
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 185.215.113.206
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 185.215.113.43
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.215.113.16
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.215.113.43
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.215.113.43
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 185.215.113.206
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig | 185.215.113.16
WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, XWorm
                                                                                                                                                                                                                                                      • 185.215.113.16
                                                                                                                                                                                                                                                      No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\freebl3.dll | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar
C:\ProgramData\freebl3.dll | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
C:\ProgramData\freebl3.dll | 2BI8rJKpBa.exe | malicious | Stealc, Vidar
C:\ProgramData\freebl3.dll | 2AIgdyA1Cl.exe | malicious | Stealc, Vidar
C:\ProgramData\freebl3.dll | 1QNOKwVoOT.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar
C:\ProgramData\freebl3.dll | R2CgZG545D.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar
C:\ProgramData\freebl3.dll | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT
C:\ProgramData\freebl3.dll | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
C:\ProgramData\freebl3.dll | 1So9BcQi1J.exe | malicious | Stealc, Vidar
C:\ProgramData\freebl3.dll | Tii6ue74NB.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.121297215059106
Encrypted: false
SSDEEP: 384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5: D87270D0039ED3A5A72E7082EA71E305
SHA1: 0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256: F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512: 18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious: false
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: ASCII text, with very long lines (1743), with CRLF line terminators
Category: dropped
Size (bytes): 11829
Entropy (8bit): 5.4628909130298915
Encrypted: false
SSDEEP: 192:PnPOeRnLYbBp6dJ0aX+H6SEXKiF35RHWNBw8d2Sl:HDe0JUaL1HEwD0
MD5: D5F69CF84FA753D9A8AE12F0236F8BC3
SHA1: 51DDA8703F7AC9BDC96C792F554D3A1B7F97E792
SHA-256: 5027AB4D12328F9C9E580FD6247F2A8188F54FBDEA99B5C033BE1E7895D76599
SHA-512: AAA695B066CEFDC7542B0158EADF3018DD46743B2A9AAB97181FB455EDD82B061806294F8FFC90249A772A92D0926955C71E7D28EECE5979B0695439D3A21236
Malicious: false
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1734808667);..user_pref("app.up
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 5242880
Entropy (8bit): 0.03859996294213402
Encrypted: false
SSDEEP: 192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5: D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1: A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256: 474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512: 62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious: false
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 51200
Entropy (8bit): 0.8746135976761988
Encrypted: false
SSDEEP: 96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5: 9E68EA772705B5EC0C83C2A97BB26324
SHA1: 243128040256A9112CEAC269D56AD6B21061FF80
SHA-256: 17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512: 312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious: false
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 106496
Entropy (8bit): 1.136413900497188
Encrypted: false
SSDEEP: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5: 429F49156428FD53EB06FC82088FD324
SHA1: 560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256: 9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512: 1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious: false

Process:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):98304
Entropy (8bit):0.08235737944063153
Encrypted:false
SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):40960
Entropy (8bit):0.8553638852307782
Encrypted:false
SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:28222628A3465C5F0D4B28F70F97F482
SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
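The "File Type" text for the SQLite databases written by 9f6ea82062.exe is decoded from the 100-byte SQLite file header (page size, writer/read version, change counter, page count, schema cookie, text encoding, user version, version-valid-for, SQLite version), and the size, entropy and hash columns are cheap to recompute. The script below is an added example and is not part of the Joe Sandbox report or its tooling: it decodes that header, renders it in the same style as the report's File Type line (the rule that a zero user version and writer/read version 1 are omitted is inferred from the two records above), computes the 8-bit entropy and the MD5/SHA1/SHA-256/SHA-512 digests, and exercises all of it on a header constructed from the values in the two records (constructed input, not the dropped files themselves). A practitioner can run it against a local copy of a dropped database to confirm it matches the report, or to notice a header whose page count or change counter disagrees with the file on disk.

```python
"""Recompute the per-file metadata shown in a dropped-files table:
digests, 8-bit entropy and an SQLite 3 header decode.
Added example; the SQLite header used for testing is constructed."""
import hashlib
import math
import struct
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"
ENCODINGS = {1: "UTF-8", 2: "UTF-16 little endian", 3: "UTF-16 big endian"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, i.e. the report's 'Entropy (8bit)' column (0.0 .. 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA-256/SHA-512 as upper-case hex, as the report prints them."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256", "sha512")}


def parse_sqlite_header(data: bytes) -> dict:
    """Decode the 100-byte SQLite 3 file header (all integers big-endian)."""
    if len(data) < 100 or data[:16] != SQLITE_MAGIC:
        raise ValueError("not an SQLite 3 database")
    page_size = struct.unpack_from(">H", data, 16)[0]
    if page_size == 1:          # the value 1 encodes a 65536-byte page
        page_size = 65536
    write_ver, read_ver = struct.unpack_from(">BB", data, 18)
    (change_counter, db_pages, _trunk, _freelist, schema_cookie,
     schema_format, _cache, _largest_root, encoding,
     user_version) = struct.unpack_from(">10I", data, 24)
    version_valid_for, sqlite_version = struct.unpack_from(">2I", data, 92)
    return {
        "page_size": page_size, "write_version": write_ver,
        "read_version": read_ver, "change_counter": change_counter,
        "db_pages": db_pages, "schema_cookie": schema_cookie,
        "schema_format": schema_format, "encoding": encoding,
        "user_version": user_version,
        "version_valid_for": version_valid_for,
        "sqlite_version": sqlite_version,
    }


def describe_sqlite(data: bytes) -> str:
    """Render the header in the style of the report's 'File Type' line:
    user version only when non-zero, writer/read version only when not 1."""
    h = parse_sqlite_header(data)
    parts = ["SQLite 3.x database"]
    if h["user_version"]:
        parts.append(f"user version {h['user_version']}")
    parts.append(f"last written using SQLite version {h['sqlite_version']}")
    parts.append(f"page size {h['page_size']}")
    if h["write_version"] != 1:
        parts.append(f"writer version {h['write_version']}")
    if h["read_version"] != 1:
        parts.append(f"read version {h['read_version']}")
    parts.append(f"file counter {h['change_counter']}")
    parts.append(f"database pages {h['db_pages']}")
    parts.append(f"cookie {h['schema_cookie']:#x}")
    parts.append(f"schema {h['schema_format']}")
    parts.append(ENCODINGS.get(h["encoding"], f"encoding {h['encoding']}"))
    parts.append(f"version-valid-for {h['version_valid_for']}")
    return ", ".join(parts)


def build_sqlite_header(page_size, write_ver, read_ver, change_counter,
                        db_pages, schema_cookie, user_version,
                        sqlite_version=3042000, schema_format=4) -> bytes:
    """Constructed 100-byte header for testing; version-valid-for is set
    equal to the change counter, as in both records of the report."""
    ps = 1 if page_size == 65536 else page_size
    hdr = SQLITE_MAGIC + struct.pack(">HBBBBBB", ps, write_ver, read_ver,
                                     0, 64, 32, 32)
    hdr += struct.pack(">10I", change_counter, db_pages, 0, 0, schema_cookie,
                       schema_format, 0, 0, 1, user_version)   # 1 = UTF-8
    hdr += struct.pack(">2I", 0, 0) + bytes(20)   # vacuum, app id, reserved
    hdr += struct.pack(">2I", change_counter, sqlite_version)
    return hdr


def triage(data: bytes) -> dict:
    """One record in the shape of the report: size, entropy, hashes, type."""
    rec = {"size": len(data), "entropy": shannon_entropy(data), **digests(data)}
    rec["file_type"] = (describe_sqlite(data) if data.startswith(SQLITE_MAGIC)
                        else "unknown")
    return rec


if __name__ == "__main__":
    # Constructed stand-in for the 98304-byte database above: header + zero pages.
    sample = build_sqlite_header(32768, 2, 2, 3, 3, 1, 12).ljust(98304, b"\x00")
    for k, v in triage(sample).items():
        print(f"{k}: {v}")
```

To check a real dropped file, replace the constructed sample with `open(path, "rb").read()`; the rendered line should match the report's File Type entry and the digests its hash fields. The very low entropy of both SQLite records is expected for a small schema in large, mostly empty pages, not a sign of encryption.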

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.7256980841729516
Encrypted:false
SSDEEP:96:9IFIZhEJns9sh1yDfUQXIDcQvc6QcEVcw3cE//+HbHg/8BRTf3o8Fa9OyWZAX/dP:WSZhEJn00BU/Yj/qzuiFpZ24IO8Aj
MD5:527E19740FA73C448CC1C6886C29B274
SHA1:0F983EA5774853D461397DFD57F4B6AB9CCD1F6F
SHA-256:695D25F974D009469874F72FB0EC2605855538BC0243F06DD0E5D1F4E12A05F4
SHA-512:17D744AF043A0E228730004DB6464F722F8F1CBFB6ED28F87514835625C0C07CA9074D231DA8A83C3598388EDB2A099162CB0578F52968ED4ABD02DE4E8CF893
Malicious:false
Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.2.8.2.1.7.1.5.2.1.1.1.5.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.2.8.2.1.7.1.7.7.1.0.9.2.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.5.a.a.1.7.9.5.-.4.4.6.2.-.4.7.c.1.-.9.9.2.7.-.b.d.6.f.c.0.5.9.d.1.f.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.4.b.b.b.1.8.b.-.3.6.8.e.-.4.2.c.9.-.a.b.c.6.-.3.2.f.2.b.8.d.e.c.7.7.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.U.C.y.h.u.W...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.p.c.P.i.n.g...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.6.0.-.0.0.0.1.-.0.0.1.4.-.0.8.8.2.-.5.8.c.b.d.c.5.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.8.f.e.4.d.d.b.1.2.e.2.2.3.9.6.d.b.2.4.b.9.7.7.f.f.e.c.1.5.d.5.0.0.0.0.0.9.0.4.!.0.0.0.0.7.5.6.e.8.3.6.b.c.a.9.0.5.9.d.2.c.a.c.4.8.a.9.7.9.a.c.2.f.a.0.8.8.2.a.d.e.9.b.

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Sat Dec 21 19:16:11 2024, 0x1205a4 type
Category:dropped
Size (bytes):43022
Entropy (8bit):1.7036763821806151
Encrypted:false
SSDEEP:192:qDW4DWHOUKv6XL9JimZxc0wXXES62Z7wN:oHzHvs9Jim8kS62Z
MD5:EB242AC6989B96B00193CD1C1DF7A1F6
SHA1:4D7EB2BE8A0D9A34C085F37298EEB3BCD55B89AD
SHA-256:050210B4AC7E7F61663E0AF36EBD024FD3D19239B3D4F29E7B200828D56D1661
SHA-512:6D50B08255E166D55B7558AC51E14A80B37600E59EF5026E5726821B025AD5DBF808005719C50F48723543044C0968822CFA008E093896173A149314E9EFD82B
Malicious:false
Preview:MDMP..a..... .........gg........................0...........T...`!..........T.......8...........T...........h...........................................................................................................eJ..............GenuineIntel............T.......`.....gg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8276
Entropy (8bit):3.692398399508905
Encrypted:false
SSDEEP:192:R6l7wVeJkg6l6YECo6Agmf/uJvZpry89bRnsfzV7m:R6lXJL6l6Yo6Agmf/uJvPRsfzU
MD5:42A30BDC3175D16DEF1B2F70ACD29695
SHA1:F147E75941DFF80801FB9864C331A60E930EFBCB
SHA-256:7A74986DB86DC8D56D93691C3541D9C022256848428AB2755697BDA8B8FDCE34
SHA-512:D994DA5F7A39FB18752FFC670644F74513BF41C0B2FCD1E438A561CCC4B5F3A396651ED11E5E2CFA74045FD4CB308A30683DB1F9313FD036FCE8C581EE600EAC
Malicious:false
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.9.6.<./.P.i.

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4646
Entropy (8bit):4.467300475866282
Encrypted:false
SSDEEP:48:cvIwWl8zsIJg77aI96VWpW8VYtYm8M4JqSEmuFA+q8uErL5ZKFb3qd:uIjfOI7gk7VtJRK5ZKFTqd
MD5:B27E45263313951D3EAC98F7908EF5E1
SHA1:DD89A818C6E4421B7FD2B5FCFB441F6A083FB7FD
SHA-256:461772AA7E5F76DD2013A10841B2933118FA3B63B0A50DB679282AF52CA782CE
SHA-512:6FF102ADA89C23319CD9EE309AF5078E020D0B360E9E82377C572C2AFC2C2C91A831D50005AE4AC16FA51A0536901E267889EEAC45DCF44C05C6DA1ED647DD56
Malicious:false
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="641418" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 685392
Entropy (8bit): 6.872871740790978
Encrypted: false
SSDEEP: 12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5: 550686C0EE48C386DFCB40199BD076AC
SHA1: EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256: EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512: 0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: 2BI8rJKpBa.exe, Detection: malicious
• Filename: 2AIgdyA1Cl.exe, Detection: malicious
• Filename: 1QNOKwVoOT.exe, Detection: malicious
• Filename: R2CgZG545D.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: 1So9BcQi1J.exe, Detection: malicious
• Filename: Tii6ue74NB.exe, Detection: malicious
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 608080
Entropy (8bit): 6.833616094889818
Encrypted: false
SSDEEP: 12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5: C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1: 95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256: BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512: FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 450024
Entropy (8bit): 6.673992339875127
Encrypted: false
SSDEEP: 12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5: 5FF1FCA37C466D6723EC67BE93B51442
SHA1: 34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256: 5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512: 4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2046288
Entropy (8bit): 6.787733948558952
Encrypted: false
SSDEEP: 49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5: 1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1: 6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256: AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512: DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 257872
Entropy (8bit): 6.727482641240852
Encrypted: false
SSDEEP: 6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5: 4E52D739C324DB8225BD9AB2695F262F
SHA1: 71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256: 74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512: 2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 80880
Entropy (8bit): 6.920480786566406
Encrypted: false
SSDEEP: 1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5: A37EE36B536409056A86F50E67777DD7
SHA1: 1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256: 8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512: 3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious: false
Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe
                                                                                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):226
                                                                                                                                                                                                                                                                          Entropy (8bit):5.360398796477698
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
                                                                                                                                                                                                                                                                          MD5:3A8957C6382192B71471BD14359D0B12
                                                                                                                                                                                                                                                                          SHA1:71B96C965B65A051E7E7D10F61BEBD8CCBB88587
                                                                                                                                                                                                                                                                          SHA-256:282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
                                                                                                                                                                                                                                                                          SHA-512:76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):302080
                                                                                                                                                                                                                                                                          Entropy (8bit):6.866955939734562
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:SkK6W/39Y4zbD5ozoOxMEpgSVumtLoYgXCuVy1w5XTcLU:RWf9Y4zbNUcQbBgXhVy1w5XQL
                                                                                                                                                                                                                                                                          MD5:B251CF9E14AA07B1A2E506AD4EE0028C
                                                                                                                                                                                                                                                                          SHA1:3BAFD765233C9BC50BA3945446B4153D6F10A41A
                                                                                                                                                                                                                                                                          SHA-256:BE4AE482B0CA161F7D52DCFECC38E55AF4B0A0342B0C1B854329DA4F42B6C1CB
                                                                                                                                                                                                                                                                          SHA-512:660313D8286535B3ACAB03C8894D069D7FCB65EB4B5E75026529A096C2337CD68D8A291ABF78F612D75B5AEC2A413E0936EB16C8C1A94BFDA0568DD41312C2C7
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g............................P.............@..........................`............@.................................................................. ...8...................................................................................text...6........................... ..`.rdata... ......."..................@..@.data........0...P..................@....reloc...8... ...:...b..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2914304
                                                                                                                                                                                                                                                                          Entropy (8bit):6.465169463554565
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:H5TyZnSWxefP7/RzxLr5XQfe7CocYIGd7tTO:H5yZnSWxobnLrtYWCzdiN
                                                                                                                                                                                                                                                                          MD5:C4B3E529888B95D857AB1B2E80B1521E
                                                                                                                                                                                                                                                                          SHA1:766C52D4B3CE0499E1B3741AC7340EF7BE269BC5
                                                                                                                                                                                                                                                                          SHA-256:30A3DF00160FEAF60704951884CB3917F4553703E949C449CBCC0BD24CEC0EBD
                                                                                                                                                                                                                                                                          SHA-512:443687C0F80628B719605ACF70083587881AD57FDBD82D313EF53D7C207E2BDBBB9A6EAF182F71D80CF2A9C00D0AA71993E2927F3ECC1397404FBE993E13ACDC
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........O...........@...........................O.....A.,...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...snxelege..*...$...*..|..............@...ykhzuyiy......O......P,.............@....taggant.0....O.."...V,.............@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):439296
                                                                                                                                                                                                                                                                          Entropy (8bit):6.4903731089009495
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:v4RG6lx/9Njr18QlSfJy4FjMSkJCzDLGDWD:O9NtSTZMzmmD4
                                                                                                                                                                                                                                                                          MD5:51FF79B406CB223DD49DD4C947EC97B0
                                                                                                                                                                                                                                                                          SHA1:B9B0253480A1B6CBDD673383320FECAE5EFB3DCE
                                                                                                                                                                                                                                                                          SHA-256:2E3A5DFA44D59681A60D78B8B08A1AF3878D8E270C02D7E31A0876A85EB42A7E
                                                                                                                                                                                                                                                                          SHA-512:C2B8D15B0DC1B0846F39CE007BE2DEB41D5B6AE76AF90D618F29DA8691ED987C42F3C270F0EA7F4D10CBD2D3877118F4133803C9C965B6FF236FF8CFAFD9367C
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                           • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L....3dg............................'.............@..........................0............@..................................E...................................E......8...............................@...............<............................text...j........................... ..`.rdata...H.......J..................@..@.data....m...`...,...@..............@....rsrc................l..............@..@.reloc...E.......F...n..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1294445
Entropy (8bit):7.975817752785393
Encrypted:false
SSDEEP:24576:ovHavrNGiB7Ld0Pbd04XWxCQkcMeiPoHe/wh1b2BcGtF4GFx6w:gA59BMdxXoTMYCwsFhJ
MD5:5A909C9769920208ED3D4D7279F08DE5
SHA1:656F447088626150E252CBF7DF6F8CD0DE596FA0
SHA-256:5F2C26E780639A76F10C549E7DEA1421C4F06093C1FACBF4DD8CF0A8B2FEE8CB
SHA-512:C6038048BD09C8F704246A6BA176EA63B1C8D23F2E127600C50BAC50F3032C1B751EA8E405A2FE1EA707F75F21CF6516447345A84751BC677D94874D4B91090B
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...v...B...8............@.......................... ...........@.................................@............................6...`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...................................rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):685392
Entropy (8bit):6.872871740790978
Encrypted:false
SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:550686C0EE48C386DFCB40199BD076AC
SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):608080
Entropy (8bit):6.833616094889818
Encrypted:false
SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):450024
Entropy (8bit):6.673992339875127
Encrypted:false
SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:5FF1FCA37C466D6723EC67BE93B51442
SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2046288
Entropy (8bit):6.787733948558952
Encrypted:false
SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1845760
Entropy (8bit):7.950089891099675
Encrypted:false
SSDEEP:24576:itC6frqyn2YgU4VtJtIYBcTXI8V8yP2Bcg3G3cxyHVTN5ZSXcz+Im8CNFW:itH+zU4FKjT48iyP2BUMxy1pSXcDW
MD5:26F1B241A64F088FA3113C4587F12D50
SHA1:8827D56FB563F91BDDB713254C5A6CAD8514CA51
SHA-256:A99CC4F0319D76DA314AB9E2458482DC72907B94EC18156205394124B973BB66
SHA-512:D7FA7C7CF860C4695D54CFC3878DC25B39685DA5D4A5B60AFB2D2A0C62FE5F068CAF57AB11DA603A9C9568E0D6F11C7B763FCA53025B0BA50EDBA5F59C590348
Malicious:true
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................0I...........@..........................`I...........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... .0*..@.......\..............@...gysvhwxe.....p/......^..............@...isftafyi..... I.....................@....taggant.0...0I.."..................@...................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1861632
Entropy (8bit):7.947162986091251
Encrypted:false
SSDEEP:49152:pXszOuMpJuVj4ozSuhfA6CFRStA4LyHY7LJAf:ezDMeVj2ICFRFOyHY7LJi
MD5:15709EBA2AFAF7CC0A86CE0ABF8E53F1
SHA1:238EBF0D386ECF0E56D0DDB60FACA0EA61939BB6
SHA-256:10BFF40A9D960D0BE3CC81B074A748764D7871208F324DE26D365B1F8EA3935A
SHA-512:65EDEFA20F0BB35BEE837951CCD427B94A18528C6E84DE222B1AA0AF380135491BB29A049009F77E66FCD2ABE5376A831D98E39055E1042CCEE889321B96E8E9
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 47%
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I.....IA....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...wekcazbo.....P/......^..............@...ttllozcv.....@I......@..............@....taggant.0...PI.."...F..............@...................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):605696
Entropy (8bit):6.377818589865092
Encrypted:false
SSDEEP:12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:3567CB15156760B2F111512FFDBC1451
SHA1:2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 63%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):257872
Entropy (8bit):6.727482641240852
Encrypted:false
SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:4E52D739C324DB8225BD9AB2695F262F
SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):80880
Entropy (8bit):6.920480786566406
Encrypted:false
SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:A37EE36B536409056A86F50E67777DD7
SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2668544
Entropy (8bit):6.1024828899386625
Encrypted:false
SSDEEP:49152:CAT1rDm9Jeg99E2spwr44UaaDB8v+oyLfwt3LE3eFqZHNZ25WYDo6fsWc6jlOaSo:CATNI9G2sOr44UaaDB8moVt3LE3eFqZw
MD5:87330F1877C33A5A6203C49075223B16
SHA1:55B64EE8B2D1302581AB1978E9588191E4E62F81
SHA-256:98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
SHA-512:7C747D3EDB04E4E71DCE7EFA33F5944A191896574FEE5227316739A83D423936A523DF12F925EE9B460CCE23B49271F549C1EE5D77B50A7D7C6E3F31BA120C8F
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 18%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.Gra.)!a.)!a.)!.** l.)!.*, ..)!.*- r.)!p-* s.)!p-- q.)!p-, G.)!.*( d.)!a.(!?.)!.-! `.)!.-.!`.)!.-+ `.)!Richa.)!................PE..L.....eg...............*..&.........P.#.......&...@...........................).......(...@...................................'.<.....'.}.....................(..j....'.T...........................@.'.@.............&.@............................text.....&.......&................. ..`.rdata..,.....&.......&.............@..@.data.........'.......'.............@....fptable......'.......'.............@....rsrc...}.....'.......'.............@..@.reloc...j....(..l...L(.............@..B................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):970240
Entropy (8bit):6.702688860596642
Encrypted:false
SSDEEP:24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8a8TP:/TvC/MTQYxsWR7a8T
MD5:3D0A0F60AC258C89AFDFD9F471DBF8F7
SHA1:3AE7F9C159D5A38998D07D92AE75830CDF171DB6
SHA-256:3050EF23200642CA17CDD6DB2C3F6B4FDD52F57610377A27A9BCDA97EDB692EA
SHA-512:07B84853349F563746230C7391D5B7FFE7574B06304409ED622F93C7B5A2A0CF40F5AAD8714EDFA92AC3C9ADDEA1D32ECC562E7C12AAAE8DFBF3E6B7E9E572F6
Malicious:true
Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....gg..........".................w.............@..........................0......RQ....@...@.......@.....................d...|....@...c.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....c...@...d..................@..@.reloc...u.......v...X..............@..B........................................................................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 4438776
Entropy (8bit): 7.99505709582503
Encrypted: true
SSDEEP: 98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5: 3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1: 7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256: BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512: A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 87%
Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 555008
Entropy (8bit): 7.54141233892837
Encrypted: false
SSDEEP: 12288:O3sPnKB1HitY7GwyqGPwhRxiLsr0D3DISDHDmeLCi:O8PnKrittwyZYhviLvD3F7DQi
MD5: D6D3AB7208760962B95BE3EEB224C1AC
SHA1: 756E836BCA9059D2CAC48A979AC2FA0882ADE9B9
SHA-256: 83E37E981B2DB461C2C3C41B32D295AF12C0D04A735F43E316007F2CD1CBA2B3
SHA-512: ED52FA22D975BF60AE8F2DCDCB0375E9BB5EB090476AE99D132CC29606EF41CE96C1AD6DF8384DD7C5CB49F4F57B3F8E77D771747C212C5493255D412A6F3B8F
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 776832
Entropy (8bit): 7.859727158445845
Encrypted: false
SSDEEP: 12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXcgAuuweJH9RKC6cmulcfJbBivj:pG+XeJH9Rp6RtfNLtMmXeJH9Rp6RtfN8
MD5: AFD936E441BF5CBDB858E96833CC6ED3
SHA1: 3491EDD8C7CAF9AE169E21FB58BCCD29D95AEFEF
SHA-256: C6491D7A6D70C7C51BACA7436464667B4894E4989FA7C5E05068DDE4699E1CBF
SHA-512: 928C15A1EDA602B2A66A53734F3F563AB9626882104E30EE2BF5106CFD6E08EC54F96E3063F1AB89BF13BE2C8822A8419F5D8EE0A3583A4C479785226051A325
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 68%
Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2788864
Entropy (8bit): 6.479997561972589
Encrypted: false
SSDEEP: 49152:p//91YsxXkOPEKvdxpZCKiPK85LkDaHLWRBRrc/pQH+eitSh:pX9BkOPaPK85LyaHLWRBRruY
MD5: F2F8D2D15D376C6CD78647595E4328CA
SHA1: 3A1A861EEAE5E24635644DD0AA3F659B6AB00DCD
SHA-256: 1B91795064BB8C80CEB4891C96923FF84CD8FB3CD07C8897050CF7467AFFED81
SHA-512: C7673C75F4E0D700C3B1B9972E1A7F5995C10B129E9BB3ADCE4D27622E35EB95B31DBC9CBC01D85DE073493AFCDC85FD130803EE52F09476A5F7998490F35525
Malicious: true
Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 555008
Entropy (8bit): 7.54141233892837
Encrypted: false
SSDEEP: 12288:O3sPnKB1HitY7GwyqGPwhRxiLsr0D3DISDHDmeLCi:O8PnKrittwyZYhviLvD3F7DQi
MD5: D6D3AB7208760962B95BE3EEB224C1AC
SHA1: 756E836BCA9059D2CAC48A979AC2FA0882ADE9B9
SHA-256: 83E37E981B2DB461C2C3C41B32D295AF12C0D04A735F43E316007F2CD1CBA2B3
SHA-512: ED52FA22D975BF60AE8F2DCDCB0375E9BB5EB090476AE99D132CC29606EF41CE96C1AD6DF8384DD7C5CB49F4F57B3F8E77D771747C212C5493255D412A6F3B8F
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1294445
Entropy (8bit): 7.975817752785393
Encrypted: false
SSDEEP: 24576:ovHavrNGiB7Ld0Pbd04XWxCQkcMeiPoHe/wh1b2BcGtF4GFx6w:gA59BMdxXoTMYCwsFhJ
MD5: 5A909C9769920208ED3D4D7279F08DE5
SHA1: 656F447088626150E252CBF7DF6F8CD0DE596FA0
SHA-256: 5F2C26E780639A76F10C549E7DEA1421C4F06093C1FACBF4DD8CF0A8B2FEE8CB
SHA-512: C6038048BD09C8F704246A6BA176EA63B1C8D23F2E127600C50BAC50F3032C1B751EA8E405A2FE1EA707F75F21CF6516447345A84751BC677D94874D4B91090B
Malicious: true
Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 302080
Entropy (8bit): 6.866955939734562
Encrypted: false
SSDEEP: 6144:SkK6W/39Y4zbD5ozoOxMEpgSVumtLoYgXCuVy1w5XTcLU:RWf9Y4zbNUcQbBgXhVy1w5XQL
MD5: B251CF9E14AA07B1A2E506AD4EE0028C
SHA1: 3BAFD765233C9BC50BA3945446B4153D6F10A41A
                                                                                                                                                                                                                                                                          SHA-256:BE4AE482B0CA161F7D52DCFECC38E55AF4B0A0342B0C1B854329DA4F42B6C1CB
                                                                                                                                                                                                                                                                          SHA-512:660313D8286535B3ACAB03C8894D069D7FCB65EB4B5E75026529A096C2337CD68D8A291ABF78F612D75B5AEC2A413E0936EB16C8C1A94BFDA0568DD41312C2C7
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g............................P.............@..........................`............@.................................................................. ...8...................................................................................text...6........................... ..`.rdata... ......."..................@..@.data........0...P..................@....reloc...8... ...:...b..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2668544
                                                                                                                                                                                                                                                                          Entropy (8bit):6.1024828899386625
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:CAT1rDm9Jeg99E2spwr44UaaDB8v+oyLfwt3LE3eFqZHNZ25WYDo6fsWc6jlOaSo:CATNI9G2sOr44UaaDB8moVt3LE3eFqZw
                                                                                                                                                                                                                                                                          MD5:87330F1877C33A5A6203C49075223B16
                                                                                                                                                                                                                                                                          SHA1:55B64EE8B2D1302581AB1978E9588191E4E62F81
                                                                                                                                                                                                                                                                          SHA-256:98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
                                                                                                                                                                                                                                                                          SHA-512:7C747D3EDB04E4E71DCE7EFA33F5944A191896574FEE5227316739A83D423936A523DF12F925EE9B460CCE23B49271F549C1EE5D77B50A7D7C6E3F31BA120C8F
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 18%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.Gra.)!a.)!a.)!.** l.)!.*, ..)!.*- r.)!p-* s.)!p-- q.)!p-, G.)!.*( d.)!a.(!?.)!.-! `.)!.-.!`.)!.-+ `.)!Richa.)!................PE..L.....eg...............*..&.........P.#.......&...@...........................).......(...@...................................'.<.....'.}.....................(..j....'.T...........................@.'.@.............&.@............................text.....&.......&................. ..`.rdata..,.....&.......&.............@..@.data.........'.......'.............@....fptable......'.......'.............@....rsrc...}.....'.......'.............@..@.reloc...j....(..l...L(.............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):776832
                                                                                                                                                                                                                                                                          Entropy (8bit):7.859727158445845
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXcgAuuweJH9RKC6cmulcfJbBivj:pG+XeJH9Rp6RtfNLtMmXeJH9Rp6RtfN8
                                                                                                                                                                                                                                                                          MD5:AFD936E441BF5CBDB858E96833CC6ED3
                                                                                                                                                                                                                                                                          SHA1:3491EDD8C7CAF9AE169E21FB58BCCD29D95AEFEF
                                                                                                                                                                                                                                                                          SHA-256:C6491D7A6D70C7C51BACA7436464667B4894E4989FA7C5E05068DDE4699E1CBF
                                                                                                                                                                                                                                                                          SHA-512:928C15A1EDA602B2A66A53734F3F563AB9626882104E30EE2BF5106CFD6E08EC54F96E3063F1AB89BF13BE2C8822A8419F5D8EE0A3583A4C479785226051A325
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........p......................@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1845760
                                                                                                                                                                                                                                                                          Entropy (8bit):7.950089891099675
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:itC6frqyn2YgU4VtJtIYBcTXI8V8yP2Bcg3G3cxyHVTN5ZSXcz+Im8CNFW:itH+zU4FKjT48iyP2BUMxy1pSXcDW
                                                                                                                                                                                                                                                                          MD5:26F1B241A64F088FA3113C4587F12D50
                                                                                                                                                                                                                                                                          SHA1:8827D56FB563F91BDDB713254C5A6CAD8514CA51
                                                                                                                                                                                                                                                                          SHA-256:A99CC4F0319D76DA314AB9E2458482DC72907B94EC18156205394124B973BB66
                                                                                                                                                                                                                                                                          SHA-512:D7FA7C7CF860C4695D54CFC3878DC25B39685DA5D4A5B60AFB2D2A0C62FE5F068CAF57AB11DA603A9C9568E0D6F11C7B763FCA53025B0BA50EDBA5F59C590348
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................0I...........@..........................`I...........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... .0*..@.......\..............@...gysvhwxe.....p/......^..............@...isftafyi..... I.....................@....taggant.0...0I.."..................@...................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2914304
                                                                                                                                                                                                                                                                          Entropy (8bit):6.465169463554565
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:H5TyZnSWxefP7/RzxLr5XQfe7CocYIGd7tTO:H5yZnSWxobnLrtYWCzdiN
                                                                                                                                                                                                                                                                          MD5:C4B3E529888B95D857AB1B2E80B1521E
                                                                                                                                                                                                                                                                          SHA1:766C52D4B3CE0499E1B3741AC7340EF7BE269BC5
                                                                                                                                                                                                                                                                          SHA-256:30A3DF00160FEAF60704951884CB3917F4553703E949C449CBCC0BD24CEC0EBD
                                                                                                                                                                                                                                                                          SHA-512:443687C0F80628B719605ACF70083587881AD57FDBD82D313EF53D7C207E2BDBBB9A6EAF182F71D80CF2A9C00D0AA71993E2927F3ECC1397404FBE993E13ACDC
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........O...........@...........................O.....A.,...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...snxelege..*...$...*..|..............@...ykhzuyiy......O......P,.............@....taggant.0....O.."...V,.............@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):970240
                                                                                                                                                                                                                                                                          Entropy (8bit):6.702688860596642
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8a8TP:/TvC/MTQYxsWR7a8T
                                                                                                                                                                                                                                                                          MD5:3D0A0F60AC258C89AFDFD9F471DBF8F7
                                                                                                                                                                                                                                                                          SHA1:3AE7F9C159D5A38998D07D92AE75830CDF171DB6
                                                                                                                                                                                                                                                                          SHA-256:3050EF23200642CA17CDD6DB2C3F6B4FDD52F57610377A27A9BCDA97EDB692EA
                                                                                                                                                                                                                                                                          SHA-512:07B84853349F563746230C7391D5B7FFE7574B06304409ED622F93C7B5A2A0CF40F5AAD8714EDFA92AC3C9ADDEA1D32ECC562E7C12AAAE8DFBF3E6B7E9E572F6
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....gg..........".................w.............@..........................0......RQ....@...@.......@.....................d...|....@...c.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....c...@...d..................@..@.reloc...u.......v...X..............@..B........................................................................................................................................................................................................................................................................
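As an added triage example (not code from the Joe Sandbox report or Joe Security's tooling), the script below parses records in the Key:Value form used above, flags drops whose 8-bit entropy suggests a packed or encrypted payload, recovers PE section names from the ASCII header preview, and can match files collected from a host against the listed SHA-256 values. The 7.2 entropy threshold, the set of "common" section names and the preview-based name recovery are assumptions of the example; the sample records are copied from this listing with their previews trimmed.

```python
"""Triage helper for a Joe Sandbox "Dropped Files" listing.

Added example, not part of the Joe Sandbox report or its tooling: parses the
Key:Value records, flags high-entropy (likely packed) drops, recovers PE
section names from the header preview, and matches local files by SHA-256.
"""
import hashlib
import re

# Constructed sample: three records copied from the listing above, with the
# previews trimmed to the bytes that carry the section table.
SAMPLE = """\
Process:C:\\Users\\user\\AppData\\Local\\Temp\\abc3bc1985\\skotes.exe
Size (bytes):302080
Entropy (8bit):6.866955939734562
SHA-256:BE4AE482B0CA161F7D52DCFECC38E55AF4B0A0342B0C1B854329DA4F42B6C1CB
Malicious:true
Preview:MZx.....PE..L....<_g....text...6.... ..`.rdata... .....@..@.data........0...P....@....reloc...8... ...:...b....@..B
Process:C:\\Users\\user\\AppData\\Local\\Temp\\abc3bc1985\\skotes.exe
Size (bytes):2668544
Entropy (8bit):6.1024828899386625
SHA-256:98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 18%
Preview:MZ......PE..L.....eg.....text.....&....@..`.rdata..,....@..@.data.........'....@....fptable......'....@....rsrc...}....@..@.reloc...j....(..l
Process:C:\\Users\\user\\AppData\\Local\\Temp\\abc3bc1985\\skotes.exe
Size (bytes):1845760
Entropy (8bit):7.950089891099675
SHA-256:A99CC4F0319D76DA314AB9E2458482DC72907B94EC18156205394124B973BB66
Malicious:true
Preview:MZx.....PE..L....<_g..... . ....@....rsrc........ .....@....idata .....0....@... .0*..@...gysvhwxe.....p/....@...isftafyi..... I....@....taggant.0...0I..
"""

PACKED_ENTROPY = 7.2  # assumed threshold; packed/encrypted data sits near 8.0
# Common compiler-emitted names (assumed set); anything else is worth a look, not proof.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                  ".reloc", ".bss", ".tls", ".ndata", ".pdata", ".xdata", ".CRT"}
SECTION_RE = re.compile(r"\.?[A-Za-z][A-Za-z0-9_]{2,7}(?![A-Za-z0-9_])")
DETECTION_RE = re.compile(r"Detection:\s*(\d+)%")

def parse_records(text):
    """One dict per dropped file; each record starts at its 'Process:' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Process:"):
            cur = {"Antivirus": []}
            records.append(cur)
        if not line or cur is None:
            continue  # blank, or the tail of a record whose 'Process:' is off-page
        if line.startswith("•"):
            cur["Antivirus"].append(line.lstrip("• ").strip())
            continue
        key, _, value = line.partition(":")
        if value:  # skip the bare 'Antivirus:' header line
            cur[key] = {"Size (bytes)": int, "Entropy (8bit)": float}.get(key, str)(value)
    return records

def section_names(preview):
    """Best-effort section names from the ASCII preview, which renders
    non-printable bytes as '.', so 'gysvhwxe' appears as '.gysvhwxe'; names
    are at most 8 bytes, so a 9-character hit loses its leading dot."""
    start = preview.find("PE..")
    if start < 0:
        return []
    names = [m.group(0) for m in SECTION_RE.finditer(preview, start)]
    return [n[1:] if len(n) > 8 else n for n in names]

def max_detection(av_lines):
    """Highest 'Detection: NN%' figure among the Antivirus lines, 0 if none."""
    hits = [int(m.group(1)) for m in map(DETECTION_RE.search, av_lines) if m]
    return max(hits, default=0)

def triage(record):
    """The indicators an analyst checks first for one drop."""
    entropy = record.get("Entropy (8bit)", 0.0)
    odd = [s for s in section_names(record.get("Preview", "")) if s not in KNOWN_SECTIONS]
    return {"sha256": record.get("SHA-256", "").lower(), "entropy": entropy,
            "likely_packed": entropy >= PACKED_ENTROPY, "odd_sections": odd,
            "max_av_pct": max_detection(record["Antivirus"])}

def sha256_of_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def match_local_files(records, paths):
    """{path: record} for local files whose SHA-256 appears in the listing."""
    index = {r["SHA-256"].lower(): r for r in records if "SHA-256" in r}
    digests = {str(p): sha256_of_file(p) for p in paths}
    return {p: index[d] for p, d in digests.items() if d in index}

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        t = triage(rec)
        print(f"{t['sha256'][:16]}... H={t['entropy']:.2f} av={t['max_av_pct']}% "
              f"packed={t['likely_packed']} odd={t['odd_sections']}")
```

Run stand-alone it prints one line per drop; the 1845760-byte drop comes out as high-entropy with section names gysvhwxe, isftafyi and .taggant, which is the combination an analyst looks at before spending time on the file. Treat names pulled from the preview as hints only: because the preview draws every non-printable byte as a dot, a name with no leading dot is indistinguishable from one with it unless the 8-byte limit settles it, and a name list this short says nothing about what the packer does at run time.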
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2788864
Entropy (8bit):6.479997561972589
Encrypted:false
SSDEEP:49152:p//91YsxXkOPEKvdxpZCKiPK85LkDaHLWRBRrc/pQH+eitSh:pX9BkOPaPK85LyaHLWRBRruY
MD5:F2F8D2D15D376C6CD78647595E4328CA
SHA1:3A1A861EEAE5E24635644DD0AA3F659B6AB00DCD
SHA-256:1B91795064BB8C80CEB4891C96923FF84CD8FB3CD07C8897050CF7467AFFED81
SHA-512:C7673C75F4E0D700C3B1B9972E1A7F5995C10B129E9BB3ADCE4D27622E35EB95B31DBC9CBC01D85DE073493AFCDC85FD130803EE52F09476A5F7998490F35525
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............*.. ...`....@.. ........................+.......+...`.................................U...i....`..D........................................................................................................... . .@... ...@... ..............@....rsrc...D....`.......`..............@....idata . ...........f..............@...fsnanlnd..*.......*..h..............@...vmzqagxo. ....*......h*.............@....taggant.@....*.."...l*.............@...................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1861632
                                                                                                                                                                                                                                                                          Entropy (8bit):7.947162986091251
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:pXszOuMpJuVj4ozSuhfA6CFRStA4LyHY7LJAf:ezDMeVj2ICFRFOyHY7LJi
                                                                                                                                                                                                                                                                          MD5:15709EBA2AFAF7CC0A86CE0ABF8E53F1
                                                                                                                                                                                                                                                                          SHA1:238EBF0D386ECF0E56D0DDB60FACA0EA61939BB6
                                                                                                                                                                                                                                                                          SHA-256:10BFF40A9D960D0BE3CC81B074A748764D7871208F324DE26D365B1F8EA3935A
                                                                                                                                                                                                                                                                          SHA-512:65EDEFA20F0BB35BEE837951CCD427B94A18528C6E84DE222B1AA0AF380135491BB29A049009F77E66FCD2ABE5376A831D98E39055E1042CCEE889321B96E8E9
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I.....IA....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...wekcazbo.....P/......^..............@...ttllozcv.....@I......@..............@....taggant.0...PI.."...F..............@...................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):439296
                                                                                                                                                                                                                                                                          Entropy (8bit):6.4903731089009495
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:v4RG6lx/9Njr18QlSfJy4FjMSkJCzDLGDWD:O9NtSTZMzmmD4
                                                                                                                                                                                                                                                                          MD5:51FF79B406CB223DD49DD4C947EC97B0
                                                                                                                                                                                                                                                                          SHA1:B9B0253480A1B6CBDD673383320FECAE5EFB3DCE
                                                                                                                                                                                                                                                                          SHA-256:2E3A5DFA44D59681A60D78B8B08A1AF3878D8E270C02D7E31A0876A85EB42A7E
                                                                                                                                                                                                                                                                          SHA-512:C2B8D15B0DC1B0846F39CE007BE2DEB41D5B6AE76AF90D618F29DA8691ED987C42F3C270F0EA7F4D10CBD2D3877118F4133803C9C965B6FF236FF8CFAFD9367C
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\1019602001\647da3efc5.exe, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L....3dg............................'.............@..........................0............@..................................E...................................E......8...............................@...............<............................text...j........................... ..`.rdata...H.......J..................@..@.data....m...`...,...@..............@....rsrc................l..............@..@.reloc...E.......F...n..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4438776
                                                                                                                                                                                                                                                                          Entropy (8bit):7.99505709582503
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
                                                                                                                                                                                                                                                                          MD5:3A425626CBD40345F5B8DDDD6B2B9EFA
                                                                                                                                                                                                                                                                          SHA1:7B50E108E293E54C15DCE816552356F424EEA97A
                                                                                                                                                                                                                                                                          SHA-256:BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
                                                                                                                                                                                                                                                                          SHA-512:A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                                                                                                                                                          Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):605696
                                                                                                                                                                                                                                                                          Entropy (8bit):6.377818589865092
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
                                                                                                                                                                                                                                                                          MD5:3567CB15156760B2F111512FFDBC1451
                                                                                                                                                                                                                                                                          SHA1:2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
                                                                                                                                                                                                                                                                          SHA-256:0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
                                                                                                                                                                                                                                                                          SHA-512:E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):947288
                                                                                                                                                                                                                                                                          Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                          MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                          SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                          SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                          SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\cmd.exe
File Type:data
Category:dropped
Size (bytes):455773
Entropy (8bit):7.999611378958578
Encrypted:true
SSDEEP:12288:jxCQzRCdIiSYC3HGWze0kPuJxIv2B6xmDLnd3NBTsKKm:jxCQzcdIi43Hg0ljIu6KLd3Pem
MD5:D02F356CC528BF6EAA89051942A0B1BE
SHA1:DFECB4AE80274697F0D86E497CD566020EA23739
SHA-256:5ED7E1F92A6BB08458CA99FDC83236095845F5939C6B9F7E423C6DB70869B95C
SHA-512:91EC78343E91DB20EDF97F39C293A5A8A45851C510AD6499C85B26738DFD9E918EDDA14E8710ECE22D855D51D1417E722F19530CE3979E491C2B0DCCB5198E57
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):43101
Entropy (8bit):7.995736975425293
Encrypted:true
SSDEEP:768:7UODqTAxIZz/hxqIygfLye2VmpNHQkcrouKgODnfl3KUQXKQ4wnPQkspK:7UODTxIjxqIPye2Vmp5QkuKg6daUu4Zm
MD5:14422967D2C4B9A9A8A90E398B24F500
SHA1:7031018AF43BCC5550A8B0A55680596D693334DC
SHA-256:93DB8E88945B7DE88E98A7C50D64BFFA8B73C3B002C744C8D62C2EADF767CF6F
SHA-512:4B5795F15774A7768A42AA3A2308B9366F47B30C92BABF688A67D2ABECA0037B63762F3E21154212DC5C8A31BCDD69F029E849E1D4DEF5676A04B64E2AE90C75
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):123904
Entropy (8bit):6.696121468639712
Encrypted:false
SSDEEP:3072:b2UDQWf05mjccBiqXvpgF4qv+32eOyKODOSpQSAZ:6UDtf0accB3gBmmLsiS+SAZ
MD5:C89FD1314A2184D5D7B4A66DE377D5B2
SHA1:F0EBBC2C8C6F9EBADC6ACE713AEC1B06F3F841E8
SHA-256:9D1E82E2E430B87B28867FF9745A74E53A128671E9D300F111B1904786C2F856
SHA-512:4B0B16E99D0CACAB0B7AF1D65CBF9226988752D8FA020B955BF54C634D9D64A05BB036EF590FA0D852D513621A84F4C3DC3C341AA8FEFFDF350DD8A5DBC75778
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:ASCII text, with very long lines (515), with CRLF line terminators
Category:dropped
Size (bytes):11619
Entropy (8bit):5.184884477970318
Encrypted:false
SSDEEP:192:YumLtVRO6Ny6FVAQjj20mdO7VVafUKi4y7WhBom3byypU+3AFcAEif/kRj13J2po:YLrRO6Nv3jmc7/af1o7g2T+3AFX/kRj5
MD5:E7567EC4057933FA6E06322B7C08B72A
SHA1:4E733E77915C7DFB7D25E31738E9D596962D4177
SHA-256:1896EF25A6223F19F770DA125A4B1BC7C90815CCB682EC7CA780D231A01C28B0
SHA-512:D8A14E5C8225AD8BDBB45317FD41588C12E9E60F1C9FF819D0D15CBC35801B82E7C7981B7DBC815666354950A7F5362FC00765F8A67C9478BD95DC5A31B12C83
Malicious:false
Preview:Set Meter=l..NiYfEarn-Evaluations-Default-Theoretical-Monitor-Summary-..umDCharacteristics-Bg-Browser-..oNWhite-Thereby-Sustainable-Forbidden-Surgeons-Policies-..AotYRibbon-Ma-Acids-Ppc-Helen-Kinase-Farming-Costume-..GLkmFp-Complicated-Hazardous-Pre-Connections-Nude-Yr-Leu-..xMWbChrome-Automobile-Promote-Golf-Changed-Proportion-..Set Richardson=L..LLRg-Yellow-Relatively-Passes-True-Deny-Draw-Condos-..WzlNSenate-Squad-England-Positions-Insider-Parameters-Doctors-..QHAgNeural-Loving-Haven-Father-Mortgages-..gtDYResumes-Grass-Rj-Mere-Files-Kissing-Orlando-Skilled-Lovely-..PUJDocumented-Believed-Lender-Specs-..tuSecretariat-Porno-Philadelphia-Msgstr-Needs-Seconds-..mIkGlossary-Trigger-Athens-Symptoms-Pulse-Motorcycle-Fall-Affairs-..NQPHThat-Erotic-Mud-Rhode-Determining-Handmade-Ten-..uFtUThose-Specified-Emotions-Anthony-Wed-Mixing-Albany-..BlSensors-Different-..Set Joy=e..jOeRom-Kills-Summaries-Brunei-Surrounded-Enable-Malpractice-Dr-..hHArea-Lenses-Considering-Polyphonic-Mounting-..QnwVen
Process:C:\Windows\SysWOW64\cmd.exe
File Type:ASCII text, with very long lines (515), with CRLF line terminators
Category:dropped
Size (bytes):11619
Entropy (8bit):5.184884477970318
Encrypted:false
SSDEEP:192:YumLtVRO6Ny6FVAQjj20mdO7VVafUKi4y7WhBom3byypU+3AFcAEif/kRj13J2po:YLrRO6Nv3jmc7/af1o7g2T+3AFX/kRj5
MD5:E7567EC4057933FA6E06322B7C08B72A
SHA1:4E733E77915C7DFB7D25E31738E9D596962D4177
SHA-256:1896EF25A6223F19F770DA125A4B1BC7C90815CCB682EC7CA780D231A01C28B0
SHA-512:D8A14E5C8225AD8BDBB45317FD41588C12E9E60F1C9FF819D0D15CBC35801B82E7C7981B7DBC815666354950A7F5362FC00765F8A67C9478BD95DC5A31B12C83
Malicious:false
Preview:Set Meter=l..NiYfEarn-Evaluations-Default-Theoretical-Monitor-Summary-..umDCharacteristics-Bg-Browser-..oNWhite-Thereby-Sustainable-Forbidden-Surgeons-Policies-..AotYRibbon-Ma-Acids-Ppc-Helen-Kinase-Farming-Costume-..GLkmFp-Complicated-Hazardous-Pre-Connections-Nude-Yr-Leu-..xMWbChrome-Automobile-Promote-Golf-Changed-Proportion-..Set Richardson=L..LLRg-Yellow-Relatively-Passes-True-Deny-Draw-Condos-..WzlNSenate-Squad-England-Positions-Insider-Parameters-Doctors-..QHAgNeural-Loving-Haven-Father-Mortgages-..gtDYResumes-Grass-Rj-Mere-Files-Kissing-Orlando-Skilled-Lovely-..PUJDocumented-Believed-Lender-Specs-..tuSecretariat-Porno-Philadelphia-Msgstr-Needs-Seconds-..mIkGlossary-Trigger-Athens-Symptoms-Pulse-Motorcycle-Fall-Affairs-..NQPHThat-Erotic-Mud-Rhode-Determining-Handmade-Ten-..uFtUThose-Specified-Emotions-Anthony-Wed-Mixing-Albany-..BlSensors-Different-..Set Joy=e..jOeRom-Kills-Summaries-Brunei-Surrounded-Enable-Malpractice-Dr-..hHArea-Lenses-Considering-Polyphonic-Mounting-..QnwVen
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):133120
Entropy (8bit):6.13525351023848
Encrypted:false
SSDEEP:3072:QFfTut/Dde6u640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAtsD:tt/Dd314V14ZgP0JaAOz04phdyD
MD5:638E7812C5E9C55C5F339CC64D197B28
SHA1:5EF8A953EF65AB7D0620A5D144F2C410E2A77A2F
SHA-256:347A3459DD74AEA0A6B2F62955D1BC9BDB091BB66CA8A42274F7EBF310527FD8
SHA-512:194B0D8799A83210968746C4D3E364EE512669E6080C6B3D215D97C141E8EF7F09152EA524691EFCD2276ACB1DC158FFD484E3F595DDF2CCEB690BD1996C8266
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):114688
Entropy (8bit):6.560421732845139
Encrypted:false
SSDEEP:3072:NCThpmESv+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW8:NCThp6vmVnjphfhnvO5bLezW8
MD5:D9DAF89D86B32DF3D7DA7EC1CFBF7212
SHA1:59E1BA3DD32168A3D79A9DA2626C99C52970A53E
SHA-256:06F48747A4ACB2EE437D03A9E8331CCA5C76EE5684E118F491E4FAF7799ADCC4
SHA-512:24D26B6112417D75915F08562AF53EB1BB7DDEF2E89E779DB52AE0F674EA8CE102984FA2628CEE5588C7DC34DF00A32497E49EE18F7259C51E4D1C855AB69A6C
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):69632
Entropy (8bit):7.997344187879081
Encrypted:true
SSDEEP:1536:oirK8ql4kgHb4nGpb4kT8K+AzjGeY7oG7H+L45/orwahlHxU:oieW7IGptgaKo0RoDlHxU
MD5:00646A2066D51D9790F52BAE3C446C87
SHA1:EBDA2B25B5A46CC6D9D5494050CC4B3A0BF81984
SHA-256:57AFAB1CEC987DA27F5E92BAA6DC21D83F8C83EDF734FC590313102E75844C3A
SHA-512:A74C02ED1B704912A8945E60CACC892F7E832E5CF15C87632B0FD3CBF9DDD8F36B01A5BA87FD7EF87D6BECBB297161BB69DC750B8DAC6F952892D45CD95F46F0
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):3386
Entropy (8bit):7.608467285191016
Encrypted:false
SSDEEP:96:wIuzfJFFy4EDzHy5Xz+ppo+zAbQ6YhbBwGKGP5h3g:wISVSWMZMQ3rw
MD5:682D77B5A6D22691A869AB4BEA11AD53
SHA1:F56FAB8959A05C77570652F5F8E9E4103489E676
SHA-256:C269725998F8F5ACDAB6A0067457065CC9059326EE0A38FF353C2939A0190C1B
SHA-512:C42D04178ED59683FC4597B83496D7B3C61C1A075B4542ABB491C9639531F9737D70AE4172186FD6A3450C26701D794496BD4AE0F5E50DB8A3818CD78ED7FD27
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):151552
Entropy (8bit):5.143694165278638
Encrypted:false
SSDEEP:1536:TdKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uF:Th6whxjgarB/5elDWy4F
MD5:2E9E29F8ED97F2DE8EBB1652BDBD545A
SHA1:5577D360B25DAFFA0AF907FC5D852894B784F81D
SHA-256:AEB399054CFF321F752D4F93143815FF1A2CC2398668C2E1110065A2C6F502F1
SHA-512:F4F925DAF3F576441D2B7A0E250A51400B23E714D76870A640734912DA783D83AC113586F121161D96D7F06EB70B8D89EB4E0524D591232B0B2A342063E8BCB6
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):114688
Entropy (8bit):6.675787508464099
Encrypted:false
SSDEEP:3072:9nVIPPBxT/sZydTmRxlHS3NxrHSBRtNPnj0nE0:9VIPPL/sZ7HS3zcNPj0nE0
MD5:42FB34DDB94507C5A125BF02C2983904
SHA1:4E400C020121235E3DE490F5CBB38C4A25E686DC
SHA-256:D59EFEA25D1E316B8A9248F52081AB14113C97603F3E90D533F4F373F743B3C7
SHA-512:639D90CD1CD451EBCB9E5E1C165F7EEBB62B30D6BF24C596990CA40E08BCE5D0B5864E7A4F0A83624C7CF9AC4EC5C1E7385F59602B206F3346554D62721CD71D
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):90112
Entropy (8bit):7.997966981425173
Encrypted:true
SSDEEP:1536:ju/rDNkncHkrP9rRrANgBdCQYqZ7yhjYP/G9ye4nMRuU/DpFracF+l72Jxj6tU:jANkncHA9NpCQzeencyjFUrpFracC2F
MD5:5CE4409C4AAA9FD5A27EC4974734F1DF
SHA1:BF7EE5465EF96EE0186388B5B0685AD727ED9493
SHA-256:A401B4CD0AFBAEE57D8025BF4FCE12583C825CBC2E3D3F308EB0627CD5BBA412
SHA-512:1155B1C58221BA1C809D9D60CD440EBD8788DCD3169EE87BDA72FB7061B1E2F849F8BC79AC7053DF5DE8BC7955DB088DF778AF66900D6F303BDE6D61925014E6
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):59392
Entropy (8bit):6.7675117089438706
Encrypted:false
SSDEEP:1536:To2+9BGmdATGODv7xvTphAiPChgZ2kOEb:TNoGmROL7F1G7ho2kO6
MD5:D830821FE60D6CD810FB9EC7102838F3
SHA1:9264B78903FA373E0A1B697CC056DECC1DFAFB5F
SHA-256:00A96AC0E8600A9FA0A00EF1F939B58BE93618C4FE4E3BE9D0BFAB0A4A0FF57D
SHA-512:2A8E2BB9D599964CA112AACBB0FDA37C01466898A7AF5D7C8543013949B0BC6E5665402692A1072845B1A72211D350963C608A81A7C3450C19A56A948CED5D4D
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):99328
Entropy (8bit):7.998576390696709
Encrypted:true
SSDEEP:1536:cD6KkwPhsASDYs8rp/KWY8Xr1OWgxQFn/LbctRaCiUO7QOZg2hc9nW0iH:c+KVhtSQzY8713n/H+O7rGW0K
MD5:FF77A17E4CADE79760F0F8B87C857C6C
SHA1:B05075D65229AF0063E6E85DA14AB940062818DD
SHA-256:CC8A9523B67F764E447CD5042751E1DE77B04FFC5664E6F5C41D1C3CCE0EC60D
SHA-512:6DF97DCB14736D2F0CE9762B7246050B488E054375C78F42294119D80CACEDCF53F4B3868B7A4C948DD7B1F9545B4135F5BD5ED69611424129CAE63A372994D0
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):91136
Entropy (8bit):7.998131058926633
Encrypted:true
SSDEEP:1536:2Ifwsyt1Vj+tpNuEroTuyisZj6b3nlPw2gIPNBcYxZA+eGth3WQjR7:LIDDctDt/jsZAn1w23NB/dJWKR
MD5:BEEF30C9A0C6A41985E081CD4FF23049
SHA1:4E09FFAF608BAF3A98CD94794CB7CC23E41C3086
SHA-256:FC64F325CDD473ADB5B7C15221F7B2773A064395612EFF9AD1C76FA973A6738A
SHA-512:EC71CDB716B684B241A2FA2BCA84CBCED9AA86BA0954009DC003EF1F80640C01D49911EC6E031E9F8E8139D30BF5A77D7A79EE38F66B8FD43A6E4F957CB8E1CA
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):72704
Entropy (8bit):6.689808554469509
Encrypted:false
SSDEEP:1536:xI7P4Cxi8q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7Y:e4CE0Imbi80PtCZEk
MD5:AA4D881EA35979E4EAB13C982D3D0898
SHA1:CF301086D6E43E603571762FBC7D754F0246FB74
SHA-256:31D85BEBE7949C9B7B40AF007FBBE61C8CD6C25F8E4FC7DCFE9B7DCD8A1D79E7
SHA-512:F64491753F2CF57B72740CA91F10C2BD677219BC89BF86D2476A8567CF83955F986A481C92D19BEF9C466438AF97D071686EA2FC496C5E477C900568F129B5F6
Malicious:false
                                                                                                                                                                                                                                                                          Preview:.......f..L$..T$......T$.....T$...$......D$.....f..T$.f..D$.f.~.f.s. f.~...........t.......d$.U.........$..~<$.........~|$.f...f.(.f.T..AJ.f....BJ.........U...f./..BJ.snf./..BJ.......f.(.f.Y.f.(.f.Y.f.(-pBJ.f.Y.f.X-`BJ.f.Y.f.X-PBJ.f.Y.f.X-@BJ...Y.f.(.f......X...Y...\.f..|$..D$..f./..BJ.......f.(.f.Y.f.(.f.Y.f.(-0BJ.f.Y.f.X- BJ.f.Y.f.X-.BJ.f.Y.f.X-.BJ.f.Y.f.X-.AJ.f.Y.f.X-.AJ.f.Y.f.X-.AJ.f.Y.f.X-.AJ...Y.f.(.f......X...Y...\.f..|$..D$....~.f.W.f./..BJ.sO..~..BJ...~-.BJ...~...X.f.s.,f...f.~..@..~,.p.J...~...\...Y...X..BJ...^.f............~...~..BJ...^.f.....~..`.J...~$.h.J.f.(.f.Y.f.(.f.Y.f.(-pBJ.f.Y.f.X-`BJ.f.Y.f.X-PBJ.f.Y.f.X-@BJ...Y.f.(.f......X...Y...\...\...\.f.V.f..D$..D$..f./..BJ.u..D$..f./..BJ.s....BJ....BJ......$..$....D$.....BJ....BJ..D$....~...~..AJ.f.T.f...z..D$.......BJ....AJ...D$..........U.........$..~.$.......f..D$.f..%.CJ.f....CJ.f.W.f....CJ.....f.s.,f.~....... ..f.............#.-....=............Y........\...Q.f.T.........f...Up.J.f.V.f.($.p.J.......X...\...Y..
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):62464
Entropy (8bit):7.9971672365789415
Encrypted:true
SSDEEP:768:ttBffnhuy/kWZ4KmEvLGxvyj85XqOlWChh7diY+BChE2u0W5zqirJebuswzA:ttBHnhuyXNwvouXqO93diTn2u0NOeizA
MD5:8D5CF0056A8BE7CA1485969FC23F72A5
SHA1:5727BC17CD958D06B1E7D52C8D38A761A1AE2BF2
SHA-256:BD1B00DEA1CDDB3345443A35AE3B71883443722EDBB48016F829AC500F5F505B
SHA-512:B0F5FB69A565FC9690F307175C606CE9F9484BC309AC00B8A359CB6B77D19A938052EC584919A256FDB7C0B1557E155B414090B771432ACB9419102F794B61EC
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):107520
Entropy (8bit):6.2684070117846975
Encrypted:false
SSDEEP:3072:pg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laG:a5vPeDkjGgQaE/lx
MD5:2FADD2BF6F3CDC055416BAA1528652E9
SHA1:342D96C7CE7B431E76C15C9A7386C2A75E3DC511
SHA-256:8DF18D17C715E689B9CB222BEB699120B592464460FD407DBB14F59CCEC5FDB3
SHA-512:08BC19703DAD1441E1DA8FB011C42241A4C90D8355575B7F41D465E3E84D797ECAC7D6BF9AF6163E6F4EF506CD98561F62D06446F861AEBA2D7644BEB7F6ABB8
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):63488
Entropy (8bit):6.678836431320186
Encrypted:false
SSDEEP:1536:ECX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLOy:fXnmowS2u5hVOoQ7t8T6pUkBJRy
MD5:9E4FE1F2538C08F75AE16A3E349C9EF2
SHA1:559879228568B2F405400B34DFB19E59F139FA2C
SHA-256:22CE756672ACA3A4BA015903B4C36E7667E15C73157759E5A2212E7D4E727CC0
SHA-512:A1F6BF183C590CC62000DDDB0FEA63BAE2BDC30FCE8EBFA24286B9FB8B2415C67B2363F739D36B32CC7B477E608397EFBE45173173AA3F27ED44E9B75448B9EC
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
File Type:data
Category:dropped
Size (bytes):2852
Entropy (8bit):5.490446063863794
Encrypted:false
SSDEEP:48:I9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcd2u+MAyKnFHbgk:0SEA5O5W+MfH5S1CqlVJcI6mlb/
MD5:6F07C56590CB57E03B68F9E2F994390C
SHA1:AEE254034B1F3394A97304C8DFBAE1911440E2C0
SHA-256:1772CFD25C5DEB74DACC6FC88AA8793A74C89A81452B27E886CA49557BA32D84
SHA-512:0AF18E6D07C161A5088CEC9A56654C9F661AC003F0E22B68B6DBFE2920BB344F4D9A1326C261957C2309BB44DCB39453630F33068A057A1A6C2960EDFBD39001
Malicious:false
                                                                                                                                                                                                                                                                          Preview:Anchor........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B..........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3321344
                                                                                                                                                                                                                                                                          Entropy (8bit):6.669190192316632
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:4H4UHZS6XhbB2fkGdMdOGyHZS8+bD9sP9:NUHtXhbB2fkGdzHeb5s
                                                                                                                                                                                                                                                                          MD5:F82416BCF25171CCFDA8E9325C3A92DC
                                                                                                                                                                                                                                                                          SHA1:9DB33361A9CB34B352A9FE17EA06A659B247BBBC
                                                                                                                                                                                                                                                                          SHA-256:3D8BD5D204EF586F2958455A4F57CD493580978C83C34759839DCDD5E4D9F120
                                                                                                                                                                                                                                                                          SHA-512:4A79426596EB08F2DFEFA5F9B635196C163055E3336915607CB350265729FC4B054E9CB2F5B76BCA236601F6493B671033ED0CA142136CCF6318918437D46087
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@...........................2.....dB3...@.................................W...k...........................0.2...............................2..................................................... . ............................@....rsrc...............................@....idata ............................@...jxvuvlsp..+.......+.................@...mchtvxnx......2.......2.............@....taggant.0....2.."....2.............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9814
                                                                                                                                                                                                                                                                          Entropy (8bit):5.509477009799862
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:nnPOeRnHYbBp60J0aX+H6SEXK5kHWNBw8d4Sl:PPeZJUapHEwX0
                                                                                                                                                                                                                                                                          MD5:E9636FFB0164DCCFF40E71161DEE28B2
                                                                                                                                                                                                                                                                          SHA1:B9DFF535D4F8EE7B85B7DEE3CEB0C8DD9A531505
                                                                                                                                                                                                                                                                          SHA-256:7A219883BE303A7DDBA80B22D3BAD3B6B926410EC748F37FCB2C3E68515C00A4
                                                                                                                                                                                                                                                                          SHA-512:8150AD985EFF51342D20CB0D491DB6F673F0CA0DBC82FE2736DC2D0C8F5985458BE5DFB31A015B5ECCC7CA6CAF54D6AB3AA388527362FB3E3BDD9C1E9697C2D6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):290
                                                                                                                                                                                                                                                                          Entropy (8bit):3.4429304011967936
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:V2pIZTX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lDyct0:V2mZTuQ1CGAFifXVDvt0
                                                                                                                                                                                                                                                                          MD5:DD182F809EEE3AC07945D52BDB1283AF
                                                                                                                                                                                                                                                                          SHA1:EFF965DB5E9E06C5C3C6B27CA940B2986181D707
                                                                                                                                                                                                                                                                          SHA-256:36E9A64E43500B7FC1C13108C65919A2A27CAA67800DB4E92084A9A27758034E
                                                                                                                                                                                                                                                                          SHA-512:4F63EB16750221E70B9FFEF7AF1F65D539FB7987DF19D9F0287FBA00DA4DD437D35D47582E1998FEA331296CBB16069A39F7DE2C7D49CB465BC4AC9E1DC43B4D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.....[.GJ..N..E)..@.F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                                                                                                                          Entropy (8bit):4.422093893698179
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:SSvfpi6ceLP/9skLmb0OTCWSPHaJG8nAgeMZMMhA2fX4WABlEnNA0uhiTw:hvloTCW+EZMM6DFyq03w
                                                                                                                                                                                                                                                                          MD5:EABCDE363A1E198BFBB4A97A52E6A911
                                                                                                                                                                                                                                                                          SHA1:8724DE5A3522BCF30856110313D2999D2C350FAC
                                                                                                                                                                                                                                                                          SHA-256:29B1E227AABC9433C3DF714E45452DE375EE6821984DDBFB124F89861B64BD6B
                                                                                                                                                                                                                                                                          SHA-512:F77559C2D3E37BE74AF63EF26E8F9001E9BFAFEA4E14880DCEDB22B433D736B6428419179D044BFC77190560AA998702E787BAAC87F843D1ED6EE225DDFCD968
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm2....S..............................................................................................................................................................................................................................................................................................................................................HZ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.669190192316632
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 3'321'344 bytes
MD5: f82416bcf25171ccfda8e9325c3a92dc
SHA1: 9db33361a9cb34b352a9fe17ea06a659b247bbbc
SHA256: 3d8bd5d204ef586f2958455a4f57cd493580978c83c34759839dcdd5e4d9f120
SHA512: 4a79426596eb08f2dfefa5f9b635196c163055e3336915607cb350265729fc4b054e9cb2f5b76bca236601f6493b671033ed0ca142136ccf6318918437d46087
SSDEEP: 49152:4H4UHZS6XhbB2fkGdMdOGyHZS8+bD9sP9:NUHtXhbB2fkGdzHeb5s
TLSH: 3BF54B93A505F5DBD88A13F6ADA7CD826B9C0BB84B3048C3997C657ABD73CC211B6C14
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................
Icon Hash: 00928e8e8686b000
Entrypoint: 0x72b000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
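The static summary places the entrypoint (0x72b000) in a section named .taggant rather than in .text, and the report elsewhere flags a section with special characters in its name and section rights that change at runtime. Those are the first things a triager confirms by hand on a sample like this. The script below is an added example, not code from the Joe Sandbox report or from the analysed sample: it parses the PE section table with only the Python standard library, finds which section owns AddressOfEntryPoint, and flags an entrypoint outside a conventional code section, writable-and-executable sections, odd section names, and high per-section entropy. The image it runs on is constructed inline (two sections, .text and .taggant, with the entrypoint inside .taggant) and is not the 3.3 MB file.exe described above; the list of "conventional" code section names and the 7.0 entropy threshold are assumptions for the heuristic.

```python
"""Locate the section owning a PE's entrypoint and flag common packer indicators."""
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Assumed set of names a compiler gives the section holding the real entrypoint.
CODE_SECTION_NAMES = {b".text", b"CODE", b".code", b"text"}
ALLOWED_NAME_BYTES = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._$")
HIGH_ENTROPY = 7.0  # assumed threshold for "probably packed or encrypted"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) for a PE32 or PE32+ image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]  # same offset in PE32 and PE32+
    table = opt + size_of_opt
    sections = []
    for i in range(num_sections):  # each IMAGE_SECTION_HEADER is 40 bytes
        off = table + i * 40
        name = pe[off:off + 8].rstrip(b"\0")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name, "va": va, "vsize": vsize, "raw_size": raw_size,
            "chars": chars, "entropy": round(shannon_entropy(raw), 3),
            "wx": bool(chars & IMAGE_SCN_MEM_WRITE) and bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "odd_name": not all(c in ALLOWED_NAME_BYTES for c in name),
        })
    return entry_rva, sections


def entrypoint_section(pe: bytes):
    """Section whose mapped range covers the entrypoint RVA, or None."""
    entry_rva, sections = parse_pe(pe)
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def triage(pe: bytes) -> dict:
    """Collect the static findings a triager checks before running the sample."""
    entry_rva, sections = parse_pe(pe)
    ep = entrypoint_section(pe)
    findings = []
    if ep is None:
        findings.append("entrypoint 0x%x maps to no section" % entry_rva)
    elif ep["name"] not in CODE_SECTION_NAMES:
        findings.append("entrypoint 0x%x is in %r, not a conventional code section" % (entry_rva, ep["name"]))
    for s in sections:
        if s["wx"]:
            findings.append("%r is writable and executable" % s["name"])
        if s["odd_name"]:
            findings.append("%r has unusual characters in its name" % s["name"])
        if s["entropy"] >= HIGH_ENTROPY:
            findings.append("%r has entropy %.3f" % (s["name"], s["entropy"]))
    return {"entrypoint": entry_rva, "entrypoint_section": ep["name"] if ep else None,
            "sections": sections, "findings": findings}


def build_demo_pe() -> bytes:
    """Constructed PE32 image for this example (not the analysed sample)."""
    sections = [  # name, VirtualAddress, VirtualSize, SizeOfRawData, PointerToRawData, Characteristics, raw
        (b".text", 0x1000, 0x1000, 0x200, 0x400, 0x60000020, b"\x90" * 0x200),
        (b".taggant", 0x72B000, 0x1000, 0x200, 0x600, 0xE0000020, bytes(range(256)) * 2),
    ]
    image = bytearray(0x800)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)  # e_lfanew
    image[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, section count, timestamp, symtab, nsyms, SizeOfOptionalHeader, EXECUTABLE|32BIT
    struct.pack_into("<HHIIIHH", image, 0x44, 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = 0x58
    struct.pack_into("<H", image, opt, 0x10B)          # PE32 magic
    struct.pack_into("<I", image, opt + 16, 0x72B000)  # AddressOfEntryPoint inside .taggant
    struct.pack_into("<I", image, opt + 28, 0x400000)  # ImageBase
    table = opt + 0xE0
    for i, (name, va, vsize, raw_size, raw_ptr, chars, raw) in enumerate(sections):
        off = table + i * 40
        image[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIIIIIHHI", image, off + 8, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        image[raw_ptr:raw_ptr + raw_size] = raw
    return bytes(image)


if __name__ == "__main__":
    for finding in triage(build_demo_pe())["findings"]:
        print(finding)
```

Point `triage()` at `open(path, "rb").read()` to run it on a real file. The mapped range is taken as max(VirtualSize, SizeOfRawData) because packers routinely declare a large VirtualSize over a small raw blob and place the entrypoint in the part that only exists after unpacking.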
Instruction
jmp 00007F8F4CC88FBAh
jl 00007F8F4CC88FE8h
add byte ptr [eax], al
jmp 00007F8F4CC8AFB5h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [ecx], cl
                                                                                                                                                                                                                                                                          add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          adc byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add eax, 0000000Ah
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
Data directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x5d4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x329d30 | 0x10 | jxvuvlsp
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x329ce0 | 0x18 | jxvuvlsp
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x68000 | 0x68000 | 529fb6f749426d86280e16cd0f35cc15 | False | 0.5534268892728366 | data | 7.068382572685461 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x69000 | 0x5d4 | 0x600 | 1e55db351164df1643ae87d7efa3ee0f | False | 0.4303385416666667 | data | 5.417125179370491 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jxvuvlsp | 0x6b000 | 0x2bf000 | 0x2bee00 | b335dbe829d45e8a62cdf00a20b04ae4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mchtvxnx | 0x32a000 | 0x1000 | 0x600 | 7ffaddfaa31a95590590c9b195d1a9e0 | False | 0.5787760416666666 | data | 5.075466134628369 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x32b000 | 0x3000 | 0x2200 | a38095784b93ebb1ce320da9e678a5c5 | False | 0.06927849264705882 | DOS executable (COM) | 0.7125094163210706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x69070 | 0x3e4 | XML 1.0 document, ASCII text |  |  | 0.48092369477911645
RT_MANIFEST | 0x69454 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727

Imports

DLL | Import
kernel32.dll | lstrcpy

Language of compilation system | Country where language is spoken | Map
English | United States |

Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.
Target ID:0
Start time:14:15:01
Start date:21/12/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0xeb0000
File size:3'321'344 bytes
MD5 hash:F82416BCF25171CCFDA8E9325C3A92DC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:2
Start time:14:15:04
Start date:21/12/2024
Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:0x6c0000
File size:3'321'344 bytes
MD5 hash:F82416BCF25171CCFDA8E9325C3A92DC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 55%, ReversingLabs
Reputation:low
Has exited:true

Target ID:3
Start time:14:15:04
Start date:21/12/2024
Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:0x6c0000
File size:3'321'344 bytes
MD5 hash:F82416BCF25171CCFDA8E9325C3A92DC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:6
Start time:14:16:00
Start date:21/12/2024
Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:0x6c0000
File size:3'321'344 bytes
MD5 hash:F82416BCF25171CCFDA8E9325C3A92DC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:7
Start time:14:16:10
Start date:21/12/2024
Path:C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe"
Imagebase:0x360000
File size:555'008 bytes
MD5 hash:D6D3AB7208760962B95BE3EEB224C1AC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000007.00000002.3125830482.00000000031A4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
Reputation:low
Has exited:true

Target ID:8
Start time:14:16:10
Start date:21/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:14:16:11
Start date:21/12/2024
Path:C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1019552001\EUCyhuW.exe"
Imagebase:0x360000
File size:555'008 bytes
MD5 hash:D6D3AB7208760962B95BE3EEB224C1AC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2887885665.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2889042019.0000000000EAA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2913722505.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2887992510.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2887459258.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2913252442.0000000000E97000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                                                                          Start time:14:16:11
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 304
                                                                                                                                                                                                                                                                          Imagebase:0xdc0000
                                                                                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                                                                          Start time:14:16:21
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1019557001\SurveillanceWalls.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          File size:1'294'445 bytes
                                                                                                                                                                                                                                                                          MD5 hash:5A909C9769920208ED3D4D7279F08DE5
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                                                                                          Start time:14:16:21
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /c move Campbell Campbell.cmd & Campbell.cmd
                                                                                                                                                                                                                                                                          Imagebase:0x790000
                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                                          Start time:14:16:21
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                                                          Start time:14:16:22
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:tasklist
                                                                                                                                                                                                                                                                          Imagebase:0x9f0000
                                                                                                                                                                                                                                                                          File size:79'360 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                                          Start time:14:16:22
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                                                                                                                                          Imagebase:0xf00000
                                                                                                                                                                                                                                                                          File size:29'696 bytes
                                                                                                                                                                                                                                                                          MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                                                          Start time:14:16:23
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
Commandline: tasklist
Imagebase: 0x9f0000
File size: 79'360 bytes
MD5 hash: 0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 20
Start time: 14:16:23
Start date: 21/12/2024
Path: C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit): true
Commandline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase: 0xf00000
File size: 29'696 bytes
MD5 hash: F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 21
Start time: 14:16:23
Start date: 21/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c md 370821
Imagebase: 0x790000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 22
Start time: 14:16:23
Start date: 21/12/2024
Path: C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit): true
Commandline: findstr /V "Anchor" Veterinary
Imagebase: 0xf00000
File size: 29'696 bytes
MD5 hash: F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 23
Start time: 14:16:23
Start date: 21/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c copy /b ..\Genre + ..\Mj + ..\Discs + ..\Receiving + ..\Mysterious + ..\Aka w
Imagebase: 0x790000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 24
Start time: 14:16:23
Start date: 21/12/2024
Path: C:\Users\user\AppData\Local\Temp\370821\Sale.com
Wow64 process (32bit): true
Commandline: Sale.com w
Imagebase: 0x780000
File size: 947'288 bytes
MD5 hash: 62D09F076E6E0240548C2F837536A46A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited: true

Target ID: 25
Start time: 14:16:24
Start date: 21/12/2024
Path: C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit): true
Commandline: choice /d y /t 5
Imagebase: 0x3c0000
File size: 28'160 bytes
MD5 hash: FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 26
Start time: 14:16:27
Start date: 21/12/2024
Path: C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\1019563001\hYW0tgm.exe"
Imagebase: 0x690000
File size: 302'080 bytes
MD5 hash: B251CF9E14AA07B1A2E506AD4EE0028C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 27
Start time: 14:16:36
Start date: 21/12/2024
Path: C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\1019594001\17ce3a84e4.exe"
Imagebase: 0x380000
File size: 2'668'544 bytes
MD5 hash: 87330F1877C33A5A6203C49075223B16
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 18%, ReversingLabs
Has exited: false

Target ID: 28
Start time: 14:16:44
Start date: 21/12/2024
Path: C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe
Wow64 process (32bit): true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xe00000
                                                                                                                                                                                                                                                                          File size:776'832 bytes
                                                                                                                                                                                                                                                                          MD5 hash:AFD936E441BF5CBDB858E96833CC6ED3
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                          • Detection: 68%, ReversingLabs
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:29
                                                                                                                                                                                                                                                                          Start time:14:16:44
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                                                                                                          Start time:14:16:49
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1019595001\412ec13ac5.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xe00000
                                                                                                                                                                                                                                                                          File size:776'832 bytes
                                                                                                                                                                                                                                                                          MD5 hash:AFD936E441BF5CBDB858E96833CC6ED3
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3598848162.0000000001138000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3466744227.0000000001176000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3479771297.0000000001138000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3468708215.0000000001123000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.3593252563.000000000111D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:31
                                                                                                                                                                                                                                                                          Start time:14:16:52
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1019596001\580c9354ec.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x440000
                                                                                                                                                                                                                                                                          File size:1'845'760 bytes
                                                                                                                                                                                                                                                                          MD5 hash:26F1B241A64F088FA3113C4587F12D50
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000003.3614760975.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000003.3572256199.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000003.3803442222.00000000011AA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                                                                                                          Start time:14:17:02
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xa50000
                                                                                                                                                                                                                                                                          File size:2'914'304 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C4B3E529888B95D857AB1B2E80B1521E
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000003.3308819951.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.3942624190.0000000000A51000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.3929798314.000000000094E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:33
                                                                                                                                                                                                                                                                          Start time:14:17:11
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3e0000
                                                                                                                                                                                                                                                                          File size:970'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:3D0A0F60AC258C89AFDFD9F471DBF8F7
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:14:17:16
Start date:21/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0x850000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:14:17:16
Start date:21/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:14:17:16
Start date:21/12/2024
Path:C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe"
Imagebase:0xa50000
File size:2'914'304 bytes
MD5 hash:C4B3E529888B95D857AB1B2E80B1521E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000024.00000002.4203714163.0000000000A51000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security
• Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000024.00000003.3428194939.00000000052B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000024.00000002.4260064567.00000000015FB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:37
Start time:14:17:18
Start date:21/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:14:17:19
Start date:21/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1916,i,5817995298996924960,10670888794113214286,262144 /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:14:17:19
Start date:21/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x850000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

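The sequence in targets 34 to 40 above is the behaviour the report flags as "Attempt to bypass Chrome Application-Bound Encryption": a forced taskkill of the running browser, a fresh chrome.exe launched with --remote-debugging-port and an empty --profile-directory so the stealer can pull cookies through the local DevTools endpoint instead of decrypting the cookie database itself, then another forced kill once it is done. The detection below is an added example written for this page, not tooling from Joe Sandbox or from the malware families named in the report. It runs over constructed process-creation events whose command lines are copied from this report; the PIDs, parent PIDs and parent/child links are assumptions, since the report does not state them here.

```python
import re
from datetime import datetime

# Constructed process-creation events (Sysmon Event ID 1 style). Command lines
# mirror the report above; pids/ppids and the parent/child links are assumed.
SAMPLE_EVENTS = [
    {"time": "2024-12-21T14:17:16", "pid": 4100, "ppid": 3000,
     "image": r"C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe",
     "cmdline": r'"C:\Users\user\AppData\Local\Temp\1019597001\9f6ea82062.exe"'},
    {"time": "2024-12-21T14:17:16", "pid": 4120, "ppid": 4100,
     "image": r"C:\Windows\SysWOW64\taskkill.exe", "cmdline": "taskkill /F /IM firefox.exe /T"},
    {"time": "2024-12-21T14:17:18", "pid": 4200, "ppid": 4100,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""'},
    {"time": "2024-12-21T14:17:19", "pid": 4210, "ppid": 4200,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US'},
    {"time": "2024-12-21T14:17:19", "pid": 4230, "ppid": 4100,
     "image": r"C:\Windows\SysWOW64\taskkill.exe", "cmdline": "taskkill /F /IM chrome.exe /T"},
    {"time": "2024-12-21T14:17:21", "pid": 4240, "ppid": 4100,
     "image": r"C:\Windows\SysWOW64\taskkill.exe", "cmdline": "taskkill /F /IM msedge.exe /T"},
    # Benign: a normal user launch of Chrome without debugging flags (constructed).
    {"time": "2024-12-21T14:20:00", "pid": 5000, "ppid": 1200,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
    # Developer tooling starting Chrome with DevTools on a dedicated profile (constructed):
    # still worth a low-severity finding, but no kill activity and no empty profile.
    {"time": "2024-12-21T14:24:00", "pid": 5050, "ppid": 1200,
     "image": r"C:\Users\user\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "cmdline": r'"C:\Users\user\AppData\Local\Programs\Microsoft VS Code\Code.exe"'},
    {"time": "2024-12-21T14:25:00", "pid": 5100, "ppid": 5050,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --user-data-dir=C:\dev\profile'},
]

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}
DEBUG_FLAG = re.compile(r"--remote-debugging-(port|pipe)\b", re.I)
EMPTY_PROFILE = re.compile(r'--profile-directory=(""|\'\'|(?=\s)|$)')
HEADLESS = re.compile(r"--headless\b", re.I)
TASKKILL_IM = re.compile(r'/IM\s+"?([^\s"]+)', re.I)
FORCE_FLAG = re.compile(r"(^|\s)/F(\s|$)", re.I)


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_browser_kills(events):
    """Forced (/F) taskkill invocations aimed at a browser image, in event order."""
    kills = []
    for e in events:
        if image_name(e["image"]) != "taskkill.exe":
            continue
        m = TASKKILL_IM.search(e["cmdline"])
        if m and FORCE_FLAG.search(e["cmdline"]) and m.group(1).lower() in BROWSERS:
            kills.append({"time": datetime.fromisoformat(e["time"]),
                          "target": m.group(1).lower(), "pid": e["pid"]})
    return kills


def detect_remote_debugging_abuse(events, window_seconds=120):
    """Flag top-level browser launches that expose the DevTools remote-debugging endpoint.

    Severity is 'high' when the launch looks automated rather than interactive:
    an empty --profile-directory, headless mode, or a forced taskkill of the same
    browser within the window (the stealer kills the browser to release the
    profile lock before launching, and again after it has read the cookies).
    """
    kills = find_browser_kills(events)
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = image_name(e["image"])
        if name not in BROWSERS or not DEBUG_FLAG.search(e["cmdline"]):
            continue
        if "--type=" in e["cmdline"]:
            continue  # renderer/utility child, not the launch that opened the port
        parent = by_pid.get(e["ppid"])
        parent_name = image_name(parent["image"]) if parent else None
        if parent_name in BROWSERS:
            continue  # browser relaunching itself keeps its own flags
        t = datetime.fromisoformat(e["time"])
        reasons = ["remote-debugging flag on a top-level browser launch"]
        if EMPTY_PROFILE.search(e["cmdline"]):
            reasons.append("empty --profile-directory")
        if HEADLESS.search(e["cmdline"]):
            reasons.append("headless mode")
        nearby = [k for k in kills if k["target"] == name
                  and abs((k["time"] - t).total_seconds()) <= window_seconds]
        if nearby:
            reasons.append(f"{len(nearby)} forced taskkill of {name} within {window_seconds}s")
        findings.append({"severity": "high" if len(reasons) > 1 else "low",
                         "time": e["time"], "pid": e["pid"], "parent": parent_name,
                         "image": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_remote_debugging_abuse(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["time"], f["image"], "parent:", f["parent"], "|", "; ".join(f["reasons"]))
```

The rule deliberately ignores chrome.exe children carrying --type=, because every renderer and utility process inherits the parent's command line, which would otherwise produce one alert per child (target 39 above is such a child). Tune window_seconds and the BROWSERS set to the environment, and treat a "low" finding from a known developer parent as expected; a "high" finding with a parent in a user's Temp directory, as in this report, is worth an immediate look at the parent binary.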
Target ID:41
Start time:14:17:19
Start date:21/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:14:17:21
Start date:21/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0x850000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:14:17:21
Start date:21/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:44
                                                                                                                                                                                                                                                                          Start time:14:17:21
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1019599001\5936bfa4af.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x190000
                                                                                                                                                                                                                                                                          File size:2'788'864 bytes
                                                                                                                                                                                                                                                                          MD5 hash:F2F8D2D15D376C6CD78647595E4328CA
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:45
                                                                                                                                                                                                                                                                          Start time:14:17:22
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                          Imagebase:0x850000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:46
                                                                                                                                                                                                                                                                          Start time:14:17:22
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:47
                                                                                                                                                                                                                                                                          Start time:14:17:24
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                          Imagebase:0x850000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:48
                                                                                                                                                                                                                                                                          Start time:14:17:24
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:49
                                                                                                                                                                                                                                                                          Start time:14:17:25
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:50
                                                                                                                                                                                                                                                                          Start time:14:17:25
                                                                                                                                                                                                                                                                          Start date:21/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1019598001\51ecf08926.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3e0000
                                                                                                                                                                                                                                                                          File size:970'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:3D0A0F60AC258C89AFDFD9F471DBF8F7
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
Has exited: true

Target ID: 51
Start time: 14:17:25
Start date: 21/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase: 0x7ff79f9e0000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 52
Start time: 14:17:25
Start date: 21/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff79f9e0000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true


Execution Graph

Execution Coverage: 4.5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 3.7%
Total number of Nodes: 762
Total number of Limit Nodes: 13
APIs
• ExitProcess.KERNEL32(?,?,00EE652A,?,?,?,?,?,00EE7661), ref: 00EE6566
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: ExitProcess
• String ID:
• API String ID: 621844428-0
• Opcode ID: df358c2a853b28df66ae5c45e281f8561f15c2069ab7902c6fc6edcdff79c6a1
• Instruction ID: 7947a622d9e10ce418b234658f9d5f1e6765c6aee6e0f358196f4540cc88e147
• Opcode Fuzzy Hash: df358c2a853b28df66ae5c45e281f8561f15c2069ab7902c6fc6edcdff79c6a1
• Instruction Fuzzy Hash: BBE0863025258C6ACE25BB55DC1994C3B59EF21789F002C24FC1456125CB35ED45CA80
Memory Dump Source
• Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_52b0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f0272760d77c5d454df714dcc5c53a33aae42ccdadc9d0d9f30279b28620efa8
• Instruction ID: c133ccf72a2df178030ae94ca48b3274b660f3a7a8abc597c215b748caab5689
• Opcode Fuzzy Hash: f0272760d77c5d454df714dcc5c53a33aae42ccdadc9d0d9f30279b28620efa8
• Instruction Fuzzy Hash: 50117CAE17C117BE7513D5416F0CAFB3A6FEAC57F03708419F80BDA481E2E4AA490560

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
• API String ID: 0-3963862150
• Opcode ID: 7b98ba464aeee062e4e7c4ca3e49309eea3982e7854162740c4255c7c5eb4029
• Instruction ID: 921f36c301f5dc61f0dfab86fbe33baeac512dbc31af931b30c9c94874a755fe
• Opcode Fuzzy Hash: 7b98ba464aeee062e4e7c4ca3e49309eea3982e7854162740c4255c7c5eb4029
• Instruction Fuzzy Hash: E2F1E071A0024C9BEB24DF54CD85BEEBBB9EF44304F5046A8F508A72C1DB759A84CF95

Control-flow Graph
control_flow_graph 185 eb9ba5-eb9d91 call ec7a00 call eb5c10 call eb8b30 call ec8220
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: 39e7c9aeae90d95dfb68b001642145d49ba78b29887b999fd28138c32c7e1e53
• Instruction ID: b6ffb1df6aa1777ec0fe7dd2d4de41d6f2ac829d5dc774dd84e215bc7ff3362f
• Opcode Fuzzy Hash: 39e7c9aeae90d95dfb68b001642145d49ba78b29887b999fd28138c32c7e1e53
• Instruction Fuzzy Hash: 7F3109717052049BEB08DB78EDC9BEEBA62EFC5310F249628E114BB3D6C77649818A51

Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 207 eb9f44-eb9f64 211 eb9f92-eb9fae 207->211 212 eb9f66-eb9f72 207->212 215 eb9fdc-eb9ffb 211->215 216 eb9fb0-eb9fbc 211->216 213 eb9f88-eb9f8f call ecd663 212->213 214 eb9f74-eb9f82 212->214 213->211 214->213 217 eba92b 214->217 221 eba029-eba916 call ec80c0 215->221 222 eb9ffd-eba009 215->222 219 eb9fbe-eb9fcc 216->219 220 eb9fd2-eb9fd9 call ecd663 216->220 224 eba953-eba994 Sleep CreateMutexA 217->224 225 eba92b call ee6c6a 217->225 219->217 219->220 220->215 228 eba00b-eba019 222->228 229 eba01f-eba026 call ecd663 222->229 237 eba9a7-eba9a8 224->237 238 eba996-eba998 224->238 225->224 228->217 228->229 229->221 238->237 239 eba99a-eba9a5 238->239 239->237
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: 395ea9ed37c806daa8540500338977cd9e836a83e08f0a9d1e3b9f91ff8e3554
• Instruction ID: d84cd671216cd507463f216916f7a66806d01cca1b894b5230b0f96de285236d
• Opcode Fuzzy Hash: 395ea9ed37c806daa8540500338977cd9e836a83e08f0a9d1e3b9f91ff8e3554
• Instruction Fuzzy Hash: D13128717142049BEF18AB78DD89BEEB762EFC5310F249628E114FB2D1C77689818752

Control-flow Graph (legend: Executed / Not Executed)
• Graph of the function at eba079 (basic blocks eba079 to eba9a8), calling ecd663, ec80c0, ee6c6a, Sleep and CreateMutexA; the rendered graph is not reproduced here.
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: 2ab16ad732875e0298720c0ea00077d47517503f2d36a49aa5b59aa1796e9095
• Instruction ID: 294a1aa4e97bf8b7bf7b28930b7e70d64734e8aedd9908c83b198a0d70e5ed01
• Opcode Fuzzy Hash: 2ab16ad732875e0298720c0ea00077d47517503f2d36a49aa5b59aa1796e9095
• Instruction Fuzzy Hash: E63125717112009BEF18ABBCDD89BDEB762EBC1310F289228E014BB3D1C77689818652

Control-flow Graph

• Executed
• Not Executed

Basic blocks (node id: address range, calls made in the block):
• 275: eba1ae-eba1ce
• 279: eba1fc-eba218
• 280: eba1d0-eba1dc
• 281: eba1de-eba1ec
• 282: eba1f2-eba1f9, call ecd663
• 283: eba21a-eba226
• 284: eba246-eba265
• 285: eba935
• 287: eba228-eba236
• 288: eba23c-eba243, call ecd663
• 289: eba293-eba916, call ec80c0
• 290: eba267-eba273
• 291: eba289-eba290, call ecd663
• 292: eba275-eba283
• 295: eba953-eba994, Sleep, CreateMutexA
• 296: eba935, call ee6c6a
• 305: eba9a7-eba9a8
• 306: eba996-eba998
• 307: eba99a-eba9a5

Edges (from -> to):
• 275 -> 279, 280
• 279 -> 283, 284
• 280 -> 281, 282
• 281 -> 282, 285
• 282 -> 279
• 283 -> 287, 288
• 284 -> 289, 290
• 285 -> 295, 296
• 287 -> 285, 288
• 288 -> 284
• 290 -> 291, 292
• 291 -> 289
• 292 -> 285, 291
• 295 -> 305, 306
• 296 -> 295
• 306 -> 305, 307
• 307 -> 305
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963 (dwMilliseconds = 0x64 = 100 ms)
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981 (lpMutexAttributes = NULL, bInitialOwner = FALSE, lpName = pointer 0x00F13254 into the loaded image; the mutex name string itself is not reproduced in this entry)
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: 8189460abbb9fe2ddc9502ea53deb57a2fd3e068711bf4dd78a0e0c45d4b508e
• Instruction ID: d4ea1bbfb8c6707ecffc27f0d5c4d7eba500f814d17bd3c28e29476c08794c49
• Opcode Fuzzy Hash: 8189460abbb9fe2ddc9502ea53deb57a2fd3e068711bf4dd78a0e0c45d4b508e
• Instruction Fuzzy Hash: 753127717052409BEF089BBCDD89BDEB762EFC5310F289628E014BB3D1D77689819652

Control-flow Graph (graph not reproduced; the block at eba953-eba994 calls Sleep and CreateMutexA)

APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_eb0000_file.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: 7b9fb42f47a5340edb6b222b07ffa2571f5ddf85e10801d52000a1e82e25a8b1
• Instruction ID: c187016064d8e96fab194fa79ec20e076267459ff0fb98a573af4e66e6f21cd5
• Opcode Fuzzy Hash: 7b9fb42f47a5340edb6b222b07ffa2571f5ddf85e10801d52000a1e82e25a8b1
• Instruction Fuzzy Hash: 41313B717001449BEF189BB8ED8DBEEB6A1EFC1314F28A238E054FB2D5C77649808652

Control-flow Graph (basic blocks; edges as source->target; legend: Executed / Not Executed)

control_flow_graph 349 eba54d-eba56d 353 eba59b-eba5b7 349->353 354 eba56f-eba57b 349->354 357 eba5b9-eba5c5 353->357 358 eba5e5-eba604 353->358 355 eba57d-eba58b 354->355 356 eba591-eba598 call ecd663 354->356 355->356 361 eba944-eba949 call ee6c6a 355->361 356->353 363 eba5db-eba5e2 call ecd663 357->363 364 eba5c7-eba5d5 357->364 359 eba632-eba916 call ec80c0 358->359 360 eba606-eba612 358->360 366 eba628-eba62f call ecd663 360->366 367 eba614-eba622 360->367 377 eba94e 361->377 378 eba949 call ee6c6a 361->378 363->358 364->361 364->363 366->359 367->361 367->366 380 eba953-eba994 Sleep CreateMutexA 377->380 381 eba94e call ee6c6a 377->381 378->377 383 eba9a7-eba9a8 380->383 384 eba996-eba998 380->384 381->380 384->383 385 eba99a-eba9a5 384->385 385->383
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: d83567fd7a7096035452ff902356578b89a6f046df1cc3700be56b99098895b2
• Instruction ID: 6d2dafcb04a2536c83b8866887ea7b6e150d82842f3c825ef8923a7ce1b7adb8
• Opcode Fuzzy Hash: d83567fd7a7096035452ff902356578b89a6f046df1cc3700be56b99098895b2
• Instruction Fuzzy Hash: CF314C717011448BEF18DBB8DD89BEEB761EFC5314F289628E044FB2D5C73589819712

Control-flow Graph (basic blocks; edges as source->target; legend: Executed / Not Executed)

control_flow_graph 387 eba682-eba6a2 391 eba6d0-eba6ec 387->391 392 eba6a4-eba6b0 387->392 395 eba71a-eba739 391->395 396 eba6ee-eba6fa 391->396 393 eba6b2-eba6c0 392->393 394 eba6c6-eba6cd call ecd663 392->394 393->394 399 eba949 393->399 394->391 397 eba73b-eba747 395->397 398 eba767-eba916 call ec80c0 395->398 401 eba6fc-eba70a 396->401 402 eba710-eba717 call ecd663 396->402 404 eba749-eba757 397->404 405 eba75d-eba764 call ecd663 397->405 407 eba94e 399->407 408 eba949 call ee6c6a 399->408 401->399 401->402 402->395 404->399 404->405 405->398 413 eba953-eba994 Sleep CreateMutexA 407->413 414 eba94e call ee6c6a 407->414 408->407 419 eba9a7-eba9a8 413->419 420 eba996-eba998 413->420 414->413 420->419 421 eba99a-eba9a5 420->421 421->419
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: 9bf77b4431ec35f3d127b2825b2f3e8165e740838a6a9038bce0262ba3ce2102
• Instruction ID: b98dc2c3136ecb637e5892966271789d52e579af4bbbc301dc56c84138e3e760
• Opcode Fuzzy Hash: 9bf77b4431ec35f3d127b2825b2f3e8165e740838a6a9038bce0262ba3ce2102
• Instruction Fuzzy Hash: 283139717042449BEF189BB8DD89BEEB772EFC5310F289638E014FB2D5CB3649818652

Control-flow Graph
control_flow_graph 423 eb9adc-eb9ae8 424 eb9aea-eb9af8 423->424 425 eb9afe-eb9d91 call ecd663 call ec7a00 call eb5c10 call eb8b30 call ec8220 call ec7a00 call eb5c10 call eb8b30 call ec8220 423->425 424->425 426 eba917 424->426 428 eba953-eba994 Sleep CreateMutexA 426->428 429 eba917 call ee6c6a 426->429 435 eba9a7-eba9a8 428->435 436 eba996-eba998 428->436 429->428 436->435 438 eba99a-eba9a5 436->438 438->435
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: a4e9c14c00b49c796e42d0713487ebcf94fa1cbe58ad3b5d7543daa5a429093b
• Instruction ID: 2a74f256cb2b45ec1a09ee3807cad4a9288f52895f8cdbeb6203c03dabfbbb79
• Opcode Fuzzy Hash: a4e9c14c00b49c796e42d0713487ebcf94fa1cbe58ad3b5d7543daa5a429093b
• Instruction Fuzzy Hash: 0E214C317052409BEF189F68EDC9BAEF761EFC1710F245229E544EB3D1C7764981DA12

Control-flow Graph
[Graph image not reproduced. Legend: Executed / Not Executed. Entry basic block eba856-eba86e; the block at eba953-eba987 calls Sleep and CreateMutexA.]
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: c0de561c7d9e490e14f8fd6c43e9694d435d4af83551086b557f7a603bed7a7c
• Instruction ID: b6f06d26637bc71a7fb48c1f4f2737671dfb12ddbaf668ac826f5100a0008a30
• Opcode Fuzzy Hash: c0de561c7d9e490e14f8fd6c43e9694d435d4af83551086b557f7a603bed7a7c
• Instruction Fuzzy Hash: AB2160303452018BEF2C6BA8E94E7EFF251DFC1704F286835E548F66D1CA7645819593

Control-flow Graph (legend: Executed / Not Executed)

Rendered basic-block graph for the function starting at eba34f; the Sleep and CreateMutexA calls sit in block eba953-eba994 (node and edge listing of the graph omitted).
APIs
• Sleep.KERNEL32(00000064), ref: 00EBA963
• CreateMutexA.KERNEL32(00000000,00000000,00F13254), ref: 00EBA981
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID:
• API String ID: 1464230837-0
• Opcode ID: 6704cfd82a3abd607e0641b19e62f65c428cff36022d91f38088d1a647af34f2
• Instruction ID: 95e385eea583fe72f46c65be08a978da433ecb8e38d2c966e1f487b63780a1db
• Opcode Fuzzy Hash: 6704cfd82a3abd607e0641b19e62f65c428cff36022d91f38088d1a647af34f2
• Instruction Fuzzy Hash: DB216A313052009BEF1C9F68ED89BAEB7A2EFD1710F289239E504FB7D0C77646808652

Control-flow Graph (legend: Executed / Not Executed)
• Function entry block: eb7d30-eb7db2; the rendered graph (basic-block and edge data) is not reproduced here.
APIs
• GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00EB7ED3
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: InfoNativeSystem
• String ID:
• API String ID: 1721193555-0

Control-flow Graph

APIs
• RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00EEA813,00000001,00000364,00000006,000000FF,?,00EEEE3F,?,00000004,00000000,?,?), ref: 00EED870
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• GetFileAttributesA.KERNEL32(?,00EBDA1D,?,?,?,?), ref: 00EB87B9
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 3cf0f9d5047e574df850235c5a5db26e47cb8e92547259fa0826b60a5731fb5b
• Instruction ID: b6cd0b0120d4fdcad57943bee1f633d216d2f56ed182c5cb20da9d858f11a59b
• Opcode Fuzzy Hash: 3cf0f9d5047e574df850235c5a5db26e47cb8e92547259fa0826b60a5731fb5b
• Instruction Fuzzy Hash: 40C08C3802262006EE1C453842988EA330D994B7EC7F43BC5E074EF3E1CE3658C7DA50
APIs
• GetFileAttributesA.KERNEL32(?,00EBDA1D,?,?,?,?), ref: 00EB87B9
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_eb0000_file.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                            • Opcode ID: 19dc3506ff67e494046674009e381c06a7ba96629bd793e44bf1a7a48d73a83d
                                                                                                                                                                                                                                                                            • Instruction ID: 3f3b6bac84c86488511aaff337b95bee0e456a0eccfae9741e3ac21440660680
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19dc3506ff67e494046674009e381c06a7ba96629bd793e44bf1a7a48d73a83d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48C0123401111046961C452842584A63309990675C3F02B89D031AB2E1CE328483CA90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EBB3C8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
• Opcode ID: 9d1d9259fca716a07fea2ba13b997e70e076f659336d2e6b065ee0057c8578e7
• Instruction ID: 3b58f5524b2ba2961382b7e5827052842e76390661709d5931f2cc5a1b024605
• Opcode Fuzzy Hash: 9d1d9259fca716a07fea2ba13b997e70e076f659336d2e6b065ee0057c8578e7
• Instruction Fuzzy Hash: A9B12870A10268DFEB29CF14CD94BDEB7B5EF09304F5081D8E409A7281D7B5AA84CF90
Memory Dump Source
• Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_52b0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dde9508a2c7864b4b23b57abccf5c62bd5f0044089dc3203cc2bb8285b514ff2
• Instruction ID: b5150d932f8d60302831dbf699f97cc639478abfc1fcde0ac86b496c335538be
• Opcode Fuzzy Hash: dde9508a2c7864b4b23b57abccf5c62bd5f0044089dc3203cc2bb8285b514ff2
• Instruction Fuzzy Hash: E32106AF13C117BEB103D4416B1DBF73B6FEE867F03708116F80B9A482E6D19A464160
Memory Dump Source
• Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_52b0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1fdb91f94949749b6b43d8430122b7fc2067d389bf5b9529485a4b7a9f2e2e83
• Instruction ID: 48774437f67fc963c6ea97f80284342e3c5573a0f2600adc109b0ecd3173c994
• Opcode Fuzzy Hash: 1fdb91f94949749b6b43d8430122b7fc2067d389bf5b9529485a4b7a9f2e2e83
• Instruction Fuzzy Hash: 4E11E7AF57C217BEB603D5912B09BF77B3EEE867F0370801AF80695482E2D05A494560
Memory Dump Source
• Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_52b0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2164a6953056e4c5bf1b56b2817acf080e316532e672552fe168276d723fbe53
• Instruction ID: ba20317456fd64107e6ba575d60c673e91595e5aba048f8a6c30a8bf5b34f50f
• Opcode Fuzzy Hash: 2164a6953056e4c5bf1b56b2817acf080e316532e672552fe168276d723fbe53
• Instruction Fuzzy Hash: 4E11C1AE17D127BEB603D5506F1CAFB3B6FEE867B0370801AF846D90C1E2D4AA460164
Memory Dump Source
• Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_52b0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 58df8ed5e1edca9700c30733aa8c4eb77339ad44333e993454cfda2bb3ca70f2
• Instruction ID: 090d56cbb1e72a1fd4bd145fcd45150b582ef5fd1a282121033b3992bd454278
• Opcode Fuzzy Hash: 58df8ed5e1edca9700c30733aa8c4eb77339ad44333e993454cfda2bb3ca70f2
• Instruction Fuzzy Hash: 7E01DFAB03C112BEB613D5902F58EFB3B6FEED57B0371C419F80A95081E2E5AA490170
Memory Dump Source
• Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_52b0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2f4bb9196184f40f4e9fcaf0ed91c9264e35e4ece93d9d2e9e924b17828f4ab8
• Instruction ID: b1442c6c653b76efb68ff7c431752c44e25600db5dc80d6e9fede04aded38de5
• Opcode Fuzzy Hash: 2f4bb9196184f40f4e9fcaf0ed91c9264e35e4ece93d9d2e9e924b17828f4ab8
• Instruction Fuzzy Hash: 8801A2AE57C113BEB612D5502F18AFB3B6EEAC5BA0774C419F44BD5081E3E4A6490560
Memory Dump Source
• Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_52b0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 55586ed06a3d1273093a667a04b7061ce29a20dbb737cee3e8a5223e43bcf85b
• Instruction ID: d9c702fcdc89e7793ec6f74d367b761ea2c1882d859683814c62c895599e8e3c
• Opcode Fuzzy Hash: 55586ed06a3d1273093a667a04b7061ce29a20dbb737cee3e8a5223e43bcf85b
• Instruction Fuzzy Hash: 71F0F6AF57C113FEB602D5506F4CEFB3B6BEE887A0770C51AF40AD5080E2E4A5454460
Memory Dump Source
• Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_52b0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8dfab14da466c4d0cf4f6e3fe78d3178c394bac9b62ca267bf3f3168efc0ebf7
• Instruction ID: 8473e283e683321d392a0085a4a52c3cd5ba4eb1f7833213d98ced087bf07d26
• Opcode Fuzzy Hash: 8dfab14da466c4d0cf4f6e3fe78d3178c394bac9b62ca267bf3f3168efc0ebf7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96F0E2AF57C213FEB612D5506F0DEFB3B6EEE957A0770C51AF40A91480E2E4A2490460
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_52b0000_file.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 558e6509bf3e8dca76e950065400620b25c66b1fb9278ae74295b068c057fe59
                                                                                                                                                                                                                                                                            • Instruction ID: 1fe161b2ee70ea2497298f2f069c3eb9f890fd2950049751f2b37a8a1fe67934
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 558e6509bf3e8dca76e950065400620b25c66b1fb9278ae74295b068c057fe59
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84F020AF57C213BEB512E1603F0CFFB376EEAD57A0771C51AF40AC1080E2E4A1090060
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_52b0000_file.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 6e0ddf98ce1a2a470a6480d8ad4305501998b6ea4b57317be9cf8efdc960d130
                                                                                                                                                                                                                                                                            • Instruction ID: 99a3cdf4024f0b9dc57e3d4d4a416270ce7f2f78ca8a38b2ab99c1550d4cc788
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e0ddf98ce1a2a470a6480d8ad4305501998b6ea4b57317be9cf8efdc960d130
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7AE0ECBB97C112AEF611E1602E4DBFB7B5EFE94790775852AF446D5041E2D451090450
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_52b0000_file.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 6d5ee0be308da220f3c2ed5fb2c096977c299024e54612196fc98d20d13899dc
                                                                                                                                                                                                                                                                            • Instruction ID: 96757da7e1b89dd5cfac6fe827883abef79b8c2c86fbe588fa2d3b0d742c1511
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d5ee0be308da220f3c2ed5fb2c096977c299024e54612196fc98d20d13899dc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7E07DBF5B9012BEF513E1502E0CFF73B19EF84FD0374852AF01586080E7E4920A0490
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2112004385.00000000052B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_52b0000_file.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 0b4389bfb068894116a6806c6499c44b22d425f80fd810c46c710281aa5d565b
                                                                                                                                                                                                                                                                            • Instruction ID: b35df1884ec15863d79665fec9a943623b49d22c902848b29c3e59e052d27358
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b4389bfb068894116a6806c6499c44b22d425f80fd810c46c710281aa5d565b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94E0C0775BC1015FF612E4102F4C7E73721EF443903380516E0144A040E1E5820946C0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 44e13f11c54fd413bcb75d27a3e7f77fae2ddbbd2d9b05893f4c02e54b07de26
• Instruction ID: 737ec754445e61e9ec93a6975e6831f2d129e21e4c912628684d7b3e4ed43afd
• Opcode Fuzzy Hash: 44e13f11c54fd413bcb75d27a3e7f77fae2ddbbd2d9b05893f4c02e54b07de26
• Instruction Fuzzy Hash: AFC229B1E0462C8BDB25CE28DD407EAB3B5EB84345F1451EADA4DF7280E775AE818F40
APIs
• recv.WS2_32(?,?,00000004,00000000), ref: 00EBE10B
• recv.WS2_32(?,?,00000008,00000000), ref: 00EBE140
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_eb0000_file.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: recv
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1507349165-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1451ef5bfc6a4a82ad2bb84912893c52546d1ed93db31925f2456d13c8aed1cb
                                                                                                                                                                                                                                                                            • Instruction ID: 3b954a1f44f063b9cb64718b59426dac09a36345249df21a5a7c6a538728bd05
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1451ef5bfc6a4a82ad2bb84912893c52546d1ed93db31925f2456d13c8aed1cb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6631D471A002489BD720CB6CDC81BEBBBFCEB0C738F155625E514F7391DA75A8458BA0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_eb0000_file.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                                                                                                                                                                                                                                            • Instruction ID: ada48d56fa848df26d62d289b9b0bedc330a6e42b6f0c5a1ab2716e502bbf5f6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52F11D71E012199BDF14CFA8C9806AEB7B1FF48314F25826EDA19BB345D731AE41CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemTimePreciseAsFileTime.KERNEL32(?,00ECCF52,?,00000003,00000003,?,00ECCF87,?,?,?,00000003,00000003,?,00ECC4FD,00EB2FB9,00000001), ref: 00ECCC03
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: Time$FilePreciseSystem
• String ID:
• API String ID: 1802150274-0
• Opcode ID: 63b532d91ecf8fb0ba12f24d1c8288485fd4ca6cc3b2f7d1080c77e297e34c74
• Instruction ID: d0490191e959b88a03c5835a980d706b1cbbc58d6789b7ac52508b49d2c090fb
• Opcode Fuzzy Hash: 63b532d91ecf8fb0ba12f24d1c8288485fd4ca6cc3b2f7d1080c77e297e34c74
• Instruction Fuzzy Hash: F3D0223264213CA78A012B94EC08EECFB489E01B143001015ED0C63220CE126C41ABD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_eb0000_file.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                                                                                                                                                            • Instruction ID: be255a9b4493cb3a6735a96f02cb944842ddcade86eef741e40360e48d608c09
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77517B303086CC5AFB388A6B8A957BE67DA9F51308F143519E4CAF7282CE629D49C351
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f08738f3b67a5825a147752b14d0c8de69aa74da308a2a099fecb6eff303a9dd
• Instruction ID: 8576160296e1f7560ec0bf20a3b7e2b6e8c977095e8c82d53db405a8bae6b507
• Opcode Fuzzy Hash: f08738f3b67a5825a147752b14d0c8de69aa74da308a2a099fecb6eff303a9dd
• Instruction Fuzzy Hash: 472260B3F515144BDB0CCB9DDCA27ECB2E3AFD8218B0E803DA40AE3345EA79D9159644
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a0dd1a01f49a9df99249a0d38817d96a12f3e12c264f9173a9a0b7b7095b287e
• Instruction ID: 799cf64583a2845db198167f53a8dfb09393ed78d168a585e5d77f8b17651606
• Opcode Fuzzy Hash: a0dd1a01f49a9df99249a0d38817d96a12f3e12c264f9173a9a0b7b7095b287e
• Instruction Fuzzy Hash: 13B17C31614608DFE728CF28C486BA57BE1FF45368F259658E9D9DF2A1C335E982CB40
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a2549062a48b9aa67f4678d7ace15cefff7d1bdc3353d4531cb3da8ae263960e
• Instruction ID: 8dbfdeca77e258aa49f04e01d8714084e0b66c95f6a86479191909156ed45ddb
• Opcode Fuzzy Hash: a2549062a48b9aa67f4678d7ace15cefff7d1bdc3353d4531cb3da8ae263960e
• Instruction Fuzzy Hash: 6A81DCB4A0024A8FEB15CFA8D890BEEFBF1FB19300F155669D950A7393C7359945CBA0
Memory Dump Source
• Source File: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
• Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d80db967de32208a2b79ca2d44e0b921f8712907c3dc65317ed6cb110e9f2c8f
• Instruction ID: 814579470096ee5872a612d33566bf9ae0afdfe74f868784cf5feb96a9c378fd
• Opcode Fuzzy Hash: d80db967de32208a2b79ca2d44e0b921f8712907c3dc65317ed6cb110e9f2c8f
• Instruction Fuzzy Hash: 5B5169F3E112654BF3544938CD583A12683DB91324F2F82788F5CAB7C9E97E5D4A5384
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
• Opcode ID: 51859d6decf8aeddf893813abc56e6819ac6ac842f58431fd2f4449686d8e332
• Instruction ID: 4c5a38e1c22350e57121459d957bb097de6ff685ca7daaaf0accd762c78f01d7
• Opcode Fuzzy Hash: 51859d6decf8aeddf893813abc56e6819ac6ac842f58431fd2f4449686d8e332
• Instruction Fuzzy Hash: 7021B673F204394B770CC47E8C522BDB6E1C78C541745823AE8A6EA2C1D968D917E2E4
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
• Opcode ID: 57dae5cbc606bd992ed86cc101883316a69cfa8a7b06fc0440ea4fb340458d0c
• Instruction ID: 98ca5e7df609455637bc245ddca61e3f0bc840708b00b51eb8891f2b4312c2a3
• Opcode Fuzzy Hash: 57dae5cbc606bd992ed86cc101883316a69cfa8a7b06fc0440ea4fb340458d0c
• Instruction Fuzzy Hash: 31118623F30C295B675C816D8C172BAA5D2EBD825071F533AD826E72C4E9A4DE23D290
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109600415.000000000114B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109616859.0000000001153000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109636838.0000000001164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109652621.0000000001167000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109668086.0000000001168000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109683100.0000000001169000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109698240.000000000116A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.000000000116C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109713474.0000000001193000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109757237.00000000011AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109771956.00000000011AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109787774.00000000011C3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109803892.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109818359.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109833315.00000000011CA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109847962.00000000011CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109865943.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109881201.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_eb0000_file.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                                                                                                                                                            • Instruction ID: 61967cdf2cd76f1d6323d63469ba6599fe0911cb80c84721b5590d171bcf4b56
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AE0863291116CEBCB14DB99C50498EF3ECEB49B00B55106AF501E3250C270EE00C7D0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108737379.0000000000EB0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108752240.0000000000F12000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108810287.0000000000F19000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108825547.0000000000F1B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108841813.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108975368.0000000001082000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2108992673.0000000001085000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.000000000109B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109012828.00000000010A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109043429.00000000010AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109056909.00000000010AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109070669.00000000010AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109085283.00000000010AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109101813.00000000010B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109121929.00000000010B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109138113.00000000010BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109152636.00000000010BC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109166889.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109182260.00000000010C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109204520.00000000010E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109224692.00000000010F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109243542.000000000110C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109263138.0000000001112000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109286174.0000000001113000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109314718.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109336373.000000000111E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109359495.0000000001124000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109376438.0000000001132000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109391214.0000000001134000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109404905.0000000001135000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109420568.0000000001138000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109435863.0000000001140000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109455839.0000000001141000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109566616.0000000001148000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2109585636.000000000114A000.00000040.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
• String ID:
• API String ID: 57040152-0
• Instruction ID: 924b8eccaf7d4362bdb982d92894bc7d742d61c020348e4af729e0e73bd6c356
• Opcode Fuzzy Hash: f71498d7300ed232b924b0220695a7806a5cb9df5442b14273d0e19cab7002c3
• Instruction Fuzzy Hash: 75A1D270A016059FDB10DB74CA45BABB7E8FF15318F14912DE819F7251EB32EA05CB91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: _strrchr
• String ID: v
• API String ID: 3213747228-1361604894
• Instruction ID: 998f46ccf1bc3f52bf6e6ef7529c5f3734c083e9d22842cab6f5f45ef25e9a5d
• Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
• Instruction Fuzzy Hash: C2B111329002C99FDB158F6AC881BBEBBE5EF45344F3451AAE855FB242D6359D02CB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.2108752240.0000000000EB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_eb0000_file.jbxd
Yara matches
Similarity
• API ID: Xtime_diff_to_millis2_xtime_get
• String ID:
• API String ID: 531285432-0
• Opcode ID: c02fb1969a86da8d9ae371874a44b4ebc4d54d3d51e945786e4422ee919f0e2a
• Instruction ID: c7eed2ad7f18daaffa79b2c9d1be7a4d6b4a872ab5e8f106a0bb048007de42d8
• Opcode Fuzzy Hash: c02fb1969a86da8d9ae371874a44b4ebc4d54d3d51e945786e4422ee919f0e2a
• Instruction Fuzzy Hash: B8211D71A00119AFDF00EBA4DA82EBEB7B9EF48714F50505DF505B7251DB319D029BA1

Execution Graph

Execution Coverage: 0.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 1838
Total number of Limit Nodes: 15
RtlAllocateHeap 10198->10200 10201 6f8bec __cftof 4 API calls 10199->10201 10203 6fa7be 10199->10203 10204 6fa769 __dosmaperr 10200->10204 10202 6fa7c7 10201->10202 10211 6fe4b0 10203->10211 10205 6fa7a5 10204->10205 10206 6fa771 __dosmaperr 10204->10206 10207 6fa49f __dosmaperr RtlAllocateHeap 10205->10207 10208 6fadf5 __freea RtlAllocateHeap 10206->10208 10209 6fa7b0 10207->10209 10208->10199 10210 6fadf5 __freea RtlAllocateHeap 10209->10210 10210->10199 10212 6fe5c9 __cftof 4 API calls 10211->10212 10213 6fe4c3 10212->10213 10230 6fe259 10213->10230 10215 6fe4dc 10215->10192 10217 6fb04b __cftof RtlAllocateHeap 10218 6fe4ed 10217->10218 10219 6fe51f 10218->10219 10233 6fe6c4 10218->10233 10221 6fadf5 __freea RtlAllocateHeap 10219->10221 10223 6fe52d 10221->10223 10222 6fe512 10224 6fe51a 10222->10224 10227 6fe535 __cftof 10222->10227 10223->10192 10225 6f75f6 __dosmaperr RtlAllocateHeap 10224->10225 10225->10219 10226 6fe561 10226->10219 10238 6fe14b 10226->10238 10227->10226 10228 6fadf5 __freea RtlAllocateHeap 10227->10228 10228->10226 10231 6f690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10230->10231 10232 6fe26b 10231->10232 10232->10215 10232->10217 10234 6fe259 __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10233->10234 10237 6fe6e4 __cftof 10234->10237 10235 6fe75a __cftof std::future_error::future_error 10235->10222 10236 6fe32f __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10236->10235 10237->10235 10237->10236 10239 6fe157 __dosmaperr 10238->10239 10240 6fe198 __cftof RtlAllocateHeap 10239->10240 10241 6fe16e __cftof 10240->10241 10241->10219 10243 6f690a __cftof 4 API calls 10242->10243 10244 6fb6be 10243->10244 10246 6fb6ce std::future_error::future_error 10244->10246 10252 6ff1bf 10244->10252 10246->10111 10248 6fa671 __cftof 4 API calls 10247->10248 10249 6fb688 10248->10249 10250 6fb5fb __cftof 4 API calls 10249->10250 10251 6fb698 10250->10251 10251->10111 10253 6f690a __cftof 4 API calls 10252->10253 10254 6ff1df __cftof 
10253->10254 10255 6ff29d std::future_error::future_error 10254->10255 10256 6fb04b __cftof RtlAllocateHeap 10254->10256 10258 6ff232 __cftof 10254->10258 10255->10246 10256->10258 10259 6ff2c2 10258->10259 10260 6ff2ce 10259->10260 10261 6ff2df 10259->10261 10260->10261 10262 6fadf5 __freea RtlAllocateHeap 10260->10262 10261->10255 10262->10261 10264 6c2296 10263->10264 10267 6f87f8 10264->10267 10270 6f7609 10267->10270 10269 6c22a4 10269->10011 10271 6f7649 10270->10271 10272 6f7631 10270->10272 10271->10272 10274 6f7651 10271->10274 10273 6f75f6 __dosmaperr RtlAllocateHeap 10272->10273 10275 6f7636 10273->10275 10276 6f690a __cftof 4 API calls 10274->10276 10277 6f6c5a __cftof RtlAllocateHeap 10275->10277 10278 6f7661 10276->10278 10279 6f7641 std::future_error::future_error 10277->10279 10283 6f7bc4 10278->10283 10279->10269 10299 6f868d 10283->10299 10285 6f7be4 10287 6f75f6 __dosmaperr RtlAllocateHeap 10285->10287 10286 6f76e8 10296 6f7a19 10286->10296 10288 6f7be9 10287->10288 10289 6f6c5a __cftof RtlAllocateHeap 10288->10289 10289->10286 10290 6f7bd5 10290->10285 10290->10286 10306 6f7d15 10290->10306 10314 6f8168 10290->10314 10319 6f7dc2 10290->10319 10324 6f7de8 10290->10324 10353 6f7f36 10290->10353 10297 6fadf5 __freea RtlAllocateHeap 10296->10297 10298 6f7a29 10297->10298 10298->10279 10300 6f86a5 10299->10300 10301 6f8692 10299->10301 10300->10290 10302 6f75f6 __dosmaperr RtlAllocateHeap 10301->10302 10303 6f8697 10302->10303 10304 6f6c5a __cftof RtlAllocateHeap 10303->10304 10305 6f86a2 10304->10305 10305->10290 10375 6f7d34 10306->10375 10308 6f7d1a 10309 6f7d31 10308->10309 10310 6f75f6 __dosmaperr RtlAllocateHeap 10308->10310 10309->10290 10311 6f7d23 10310->10311 10312 6f6c5a __cftof RtlAllocateHeap 10311->10312 10313 6f7d2e 10312->10313 10313->10290 10315 6f8171 10314->10315 10317 6f8178 10314->10317 10384 6f7b50 10315->10384 10317->10290 10320 6f7dcb 10319->10320 10322 6f7dd2 10319->10322 10321 6f7b50 4 API calls 10320->10321 10323 6f7dd1 
10321->10323 10322->10290 10323->10290 10325 6f7def 10324->10325 10326 6f7e09 10324->10326 10327 6f7f4f 10325->10327 10328 6f7fbb 10325->10328 10330 6f7e39 10325->10330 10329 6f75f6 __dosmaperr RtlAllocateHeap 10326->10329 10326->10330 10341 6f7f92 10327->10341 10343 6f7f5b 10327->10343 10332 6f7fc2 10328->10332 10333 6f8001 10328->10333 10328->10341 10331 6f7e25 10329->10331 10330->10290 10334 6f6c5a __cftof RtlAllocateHeap 10331->10334 10337 6f7f69 10332->10337 10338 6f7fc7 10332->10338 10443 6f8604 10333->10443 10336 6f7e30 10334->10336 10336->10290 10351 6f7f77 10337->10351 10352 6f7f8b 10337->10352 10437 6f8241 10337->10437 10338->10341 10342 6f7fcc 10338->10342 10340 6f7fa2 10340->10352 10414 6f8390 10340->10414 10341->10351 10341->10352 10428 6f8420 10341->10428 10345 6f7fdf 10342->10345 10346 6f7fd1 10342->10346 10343->10337 10343->10340 10343->10351 10422 6f8571 10345->10422 10346->10352 10418 6f85e5 10346->10418 10351->10352 10446 6f86ea 10351->10446 10352->10290 10354 6f7f4f 10353->10354 10355 6f7fbb 10353->10355 10364 6f7f92 10354->10364 10365 6f7f5b 10354->10365 10356 6f7fc2 10355->10356 10357 6f8001 10355->10357 10355->10364 10358 6f7f69 10356->10358 10359 6f7fc7 10356->10359 10360 6f8604 RtlAllocateHeap 10357->10360 10361 6f8241 4 API calls 10358->10361 10373 6f7f77 10358->10373 10374 6f7f8b 10358->10374 10362 6f7fcc 10359->10362 10359->10364 10360->10373 10361->10373 10367 6f7fdf 10362->10367 10368 6f7fd1 10362->10368 10363 6f7fa2 10370 6f8390 4 API calls 10363->10370 10363->10374 10366 6f8420 RtlAllocateHeap 10364->10366 10364->10373 10364->10374 10365->10358 10365->10363 10365->10373 10366->10373 10369 6f8571 RtlAllocateHeap 10367->10369 10371 6f85e5 RtlAllocateHeap 10368->10371 10368->10374 10369->10373 10370->10373 10371->10373 10372 6f86ea 4 API calls 10372->10374 10373->10372 10373->10374 10374->10290 10378 6f7d5e 10375->10378 10377 6f7d40 10377->10308 10379 6f7d80 10378->10379 10380 6f75f6 __dosmaperr RtlAllocateHeap 10379->10380 10383 6f7db7 
10379->10383 10381 6f7dac 10380->10381 10382 6f6c5a __cftof RtlAllocateHeap 10381->10382 10382->10383 10383->10377 10385 6f7b67 10384->10385 10386 6f7b62 10384->10386 10392 6f8ab6 10385->10392 10387 6f75f6 __dosmaperr RtlAllocateHeap 10386->10387 10387->10385 10390 6f75f6 __dosmaperr RtlAllocateHeap 10391 6f7b99 10390->10391 10391->10290 10393 6f8ad1 10392->10393 10396 6f8868 10393->10396 10397 6f868d RtlAllocateHeap 10396->10397 10400 6f887a 10397->10400 10398 6f88b3 10401 6f690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10398->10401 10399 6f888f 10402 6f75f6 __dosmaperr RtlAllocateHeap 10399->10402 10400->10398 10400->10399 10413 6f7b85 10400->10413 10406 6f88bf 10401->10406 10403 6f8894 10402->10403 10405 6f6c5a __cftof RtlAllocateHeap 10403->10405 10404 6f6d52 GetPEB ExitProcess GetPEB RtlAllocateHeap 10404->10406 10405->10413 10406->10404 10407 6f88ee 10406->10407 10409 6f8a8d RtlAllocateHeap 10407->10409 10410 6f8958 10407->10410 10408 6f8a8d RtlAllocateHeap 10411 6f8a20 10408->10411 10409->10410 10410->10408 10412 6f75f6 __dosmaperr RtlAllocateHeap 10411->10412 10411->10413 10412->10413 10413->10390 10413->10391 10415 6f83ab 10414->10415 10416 6f83dd 10415->10416 10450 6fc88e 10415->10450 10416->10351 10419 6f85f1 10418->10419 10420 6f8420 RtlAllocateHeap 10419->10420 10421 6f8603 10420->10421 10421->10351 10425 6f8586 10422->10425 10423 6f75f6 __dosmaperr RtlAllocateHeap 10424 6f858f 10423->10424 10426 6f6c5a __cftof RtlAllocateHeap 10424->10426 10425->10423 10427 6f859a 10425->10427 10426->10427 10427->10351 10429 6f8433 10428->10429 10430 6f844e 10429->10430 10432 6f8465 10429->10432 10431 6f75f6 __dosmaperr RtlAllocateHeap 10430->10431 10433 6f8453 10431->10433 10436 6f845e 10432->10436 10474 6f779f 10432->10474 10434 6f6c5a __cftof RtlAllocateHeap 10433->10434 10434->10436 10436->10351 10438 6f825a 10437->10438 10439 6f779f RtlAllocateHeap 10438->10439 10440 6f8297 10439->10440 10487 6fd3c8 10440->10487 10442 6f830d 10442->10351 10442->10442 
10444 6f8420 RtlAllocateHeap 10443->10444 10445 6f861b 10444->10445 10445->10351 10447 6f875d std::future_error::future_error 10446->10447 10449 6f8707 10446->10449 10447->10352 10448 6fc88e __cftof 4 API calls 10448->10449 10449->10447 10449->10448 10453 6fc733 10450->10453 10454 6fc743 10453->10454 10455 6fc76d 10454->10455 10456 6fc781 10454->10456 10463 6fc748 10454->10463 10458 6f75f6 __dosmaperr RtlAllocateHeap 10455->10458 10457 6f690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10456->10457 10459 6fc78c 10457->10459 10460 6fc772 10458->10460 10462 6fc79c 10459->10462 10467 6fc7c8 __cftof 10459->10467 10461 6f6c5a __cftof RtlAllocateHeap 10460->10461 10461->10463 10464 702b7d __cftof RtlAllocateHeap 10462->10464 10463->10416 10465 6fc7b1 10464->10465 10465->10463 10470 6f75f6 __dosmaperr RtlAllocateHeap 10465->10470 10466 6fc815 __cftof 10466->10463 10471 6f75f6 __dosmaperr RtlAllocateHeap 10466->10471 10467->10466 10469 6fc7de __cftof 10467->10469 10468 6f75f6 __dosmaperr RtlAllocateHeap 10468->10463 10469->10463 10469->10468 10470->10463 10472 6fc87f 10471->10472 10473 6f6c5a __cftof RtlAllocateHeap 10472->10473 10473->10463 10475 6f77b4 10474->10475 10476 6f77c3 10474->10476 10477 6f75f6 __dosmaperr RtlAllocateHeap 10475->10477 10478 6f77b9 10476->10478 10479 6fb04b __cftof RtlAllocateHeap 10476->10479 10477->10478 10478->10436 10480 6f77ea 10479->10480 10481 6f7801 10480->10481 10484 6f7a33 10480->10484 10483 6fadf5 __freea RtlAllocateHeap 10481->10483 10483->10478 10485 6fadf5 __freea RtlAllocateHeap 10484->10485 10486 6f7a42 10485->10486 10486->10481 10488 6fd3ee 10487->10488 10489 6fd3d8 10487->10489 10488->10489 10494 6fd400 10488->10494 10490 6f75f6 __dosmaperr RtlAllocateHeap 10489->10490 10491 6fd3dd 10490->10491 10492 6f6c5a __cftof RtlAllocateHeap 10491->10492 10493 6fd3e7 10492->10493 10493->10442 10495 6fd467 10494->10495 10499 6fd439 10494->10499 10496 6fd485 10495->10496 10497 6fd48a 10495->10497 10500 6fd4ae 10496->10500 10501 6fd4e4 
10496->10501 10513 6fcbdf 10497->10513 10508 6fd2ff 10499->10508 10504 6fd4cc 10500->10504 10505 6fd4b3 10500->10505 10541 6fcef8 10501->10541 10534 6fd0e2 10504->10534 10524 6fd23e 10505->10524 10509 6fd315 10508->10509 10510 6fd320 10508->10510 10509->10493 10511 6fa1f1 ___std_exception_copy RtlAllocateHeap 10510->10511 10512 6fd37b __cftof 10511->10512 10512->10493 10514 6fcbf1 10513->10514 10515 6f690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 10514->10515 10516 6fcc05 10515->10516 10517 6fcc0d 10516->10517 10518 6fcc21 10516->10518 10519 6f75f6 __dosmaperr RtlAllocateHeap 10517->10519 10521 6fcef8 GetPEB ExitProcess GetPEB RtlAllocateHeap 10518->10521 10523 6fcc1c __alldvrm __cftof _strrchr 10518->10523 10520 6fcc12 10519->10520 10522 6f6c5a __cftof RtlAllocateHeap 10520->10522 10521->10523 10522->10523 10523->10493 10525 7031a8 RtlAllocateHeap 10524->10525 10526 6fd26c 10525->10526 10527 702c47 RtlAllocateHeap 10526->10527 10529 6fd29e 10527->10529 10528 6fd2de 10530 6fcf9a GetPEB ExitProcess GetPEB RtlAllocateHeap 10528->10530 10529->10528 10531 6fd2b7 10529->10531 10532 6fd2a5 10529->10532 10530->10532 10533 6fd16d GetPEB ExitProcess GetPEB RtlAllocateHeap 10531->10533 10532->10493 10533->10532 10535 7031a8 RtlAllocateHeap 10534->10535 10536 6fd10f 10535->10536 10537 702c47 RtlAllocateHeap 10536->10537 10538 6fd147 10537->10538 10539 6fd14e 10538->10539 10540 6fd16d GetPEB ExitProcess GetPEB RtlAllocateHeap 10538->10540 10539->10493 10540->10539 10542 6fcf10 10541->10542 10543 7031a8 RtlAllocateHeap 10542->10543 10544 6fcf29 10543->10544 10545 702c47 RtlAllocateHeap 10544->10545 10546 6fcf6e 10545->10546 10547 6fcf75 10546->10547 10548 6fcf9a GetPEB ExitProcess GetPEB RtlAllocateHeap 10546->10548 10547->10493 10548->10547 10550 6c907f 10549->10550 10551 6d7a00 RtlAllocateHeap 10550->10551 10552 6c908f 10551->10552 10553 6c5c10 4 API calls 10552->10553 10554 6c909a 10553->10554 10555 6d80c0 RtlAllocateHeap 10554->10555 10556 6c90ec 10555->10556 10557 
6d8220 RtlAllocateHeap 10556->10557 10558 6c90fe shared_ptr 10557->10558 10559 6c917e shared_ptr std::future_error::future_error 10558->10559 10560 6f6c6a RtlAllocateHeap 10558->10560 10559->10038 10561 6c91aa 10560->10561 10563 6d8248 10562->10563 10564 6d8292 10562->10564 10563->10564 10565 6d8251 10563->10565 10566 6d82a1 10564->10566 10568 6d8f40 RtlAllocateHeap 10564->10568 10591 6d9280 10565->10591 10566->10043 10568->10566 10569 6d825a 10569->10043 10571 6d908e 10570->10571 10572 6d8f6b 10570->10572 10573 6d9270 RtlAllocateHeap 10571->10573 10576 6d8fdc 10572->10576 10577 6d8fb2 10572->10577 10574 6d9093 10573->10574 10575 6c2480 RtlAllocateHeap 10574->10575 10587 6d8fc3 __cftof 10575->10587 10580 6dd3e2 RtlAllocateHeap 10576->10580 10576->10587 10577->10574 10578 6d8fbd 10577->10578 10579 6dd3e2 RtlAllocateHeap 10578->10579 10579->10587 10580->10587 10581 6f6c6a RtlAllocateHeap 10582 6d909d 10581->10582 10583 6d90b8 10582->10583 10585 6c2480 Concurrency::cancel_current_task 10582->10585 10586 6d90be 10582->10586 10584 6dd3e2 RtlAllocateHeap 10583->10584 10584->10586 10589 6f38af ___std_exception_copy RtlAllocateHeap 10585->10589 10586->10028 10587->10581 10588 6d904c shared_ptr __cftof 10587->10588 10588->10028 10590 6c24c3 10589->10590 10590->10028 10592 6d9294 10591->10592 10595 6d92a5 __cftof 10592->10595 10596 6d94e0 10592->10596 10594 6d932b 10594->10569 10595->10569 10597 6d9619 10596->10597 10598 6d950b 10596->10598 10599 6d9270 RtlAllocateHeap 10597->10599 10602 6d9579 10598->10602 10603 6d9552 10598->10603 10600 6d961e 10599->10600 10601 6c2480 RtlAllocateHeap 10600->10601 10609 6d9563 __cftof 10601->10609 10607 6dd3e2 RtlAllocateHeap 10602->10607 10602->10609 10603->10600 10604 6d955d 10603->10604 10606 6dd3e2 RtlAllocateHeap 10604->10606 10605 6f6c6a RtlAllocateHeap 10608 6d9628 shared_ptr 10605->10608 10606->10609 10607->10609 10608->10594 10609->10605 10610 6d95e1 shared_ptr __cftof 10609->10610 10610->10594 10611 6c4276 10616 6c2410 
10611->10616 10615 6c428f 10617 6c2424 10616->10617 10631 6db52d 10617->10631 10620 6c3ce0 10621 6c3d42 10620->10621 10623 6c3d52 10620->10623 10687 6d7d50 10621->10687 10624 6dd3e2 RtlAllocateHeap 10623->10624 10625 6c3d84 10624->10625 10626 6d7d50 RtlAllocateHeap 10625->10626 10628 6c3e03 10625->10628 10626->10628 10627 6c3e9b shared_ptr 10627->10615 10628->10627 10629 6f6c6a RtlAllocateHeap 10628->10629 10630 6c3ec1 10629->10630 10639 6f3aed 10631->10639 10633 6c242a 10633->10620 10634 6db5a5 ___std_exception_copy 10646 6db1ad 10634->10646 10635 6db598 10642 6daf56 10635->10642 10650 6f4f29 10639->10650 10643 6daf9f ___std_exception_copy 10642->10643 10645 6dafb2 shared_ptr 10643->10645 10663 6db39f 10643->10663 10645->10633 10647 6db1d8 10646->10647 10648 6db1e1 shared_ptr 10646->10648 10649 6db39f 5 API calls 10647->10649 10648->10633 10649->10648 10658 6f4f37 10650->10658 10652 6db555 10652->10633 10652->10634 10652->10635 10653 6f4f2e __cftof 10653->10652 10654 6fd634 __cftof 4 API calls 10653->10654 10657 6f8bfc __cftof 10653->10657 10654->10657 10655 6f65ed __cftof 3 API calls 10656 6f8c2f 10655->10656 10657->10655 10659 6f4f40 10658->10659 10661 6f4f43 10658->10661 10659->10653 10660 6f4f77 10660->10653 10661->10660 10662 6f8ba3 ___std_exception_destroy RtlAllocateHeap 10661->10662 10662->10660 10674 6dbedf 10663->10674 10666 6db3e8 10666->10645 10683 6dcc31 10674->10683 10677 6f6cbb 10678 6f6cc7 __dosmaperr 10677->10678 10679 6fa671 __cftof 4 API calls 10678->10679 10681 6f6ccc 10679->10681 10680 6f8bec __cftof 4 API calls 10682 6f6cf6 10680->10682 10681->10680 10684 6dcc3f InitOnceExecuteOnce 10683->10684 10686 6db3e1 10683->10686 10684->10686 10686->10666 10686->10677 10688 6d7dcb 10687->10688 10689 6d7d62 10687->10689 10692 6c2480 RtlAllocateHeap 10688->10692 10690 6d7d6d 10689->10690 10691 6d7d9c 10689->10691 10690->10688 10693 6d7d74 10690->10693 10694 6d7db9 10691->10694 10697 6dd3e2 RtlAllocateHeap 10691->10697 10695 6d7d7a 10692->10695 10696 
6dd3e2 RtlAllocateHeap 10693->10696 10694->10623 10698 6f6c6a RtlAllocateHeap 10695->10698 10700 6d7d83 10695->10700 10696->10695 10699 6d7da6 10697->10699 10706 6d7dd5 10698->10706 10699->10623 10700->10623 10701 6d7f20 10702 6d9270 RtlAllocateHeap 10701->10702 10715 6d7e91 __cftof 10702->10715 10703 6d7e01 10703->10623 10704 6f6c6a RtlAllocateHeap 10713 6d7f2a __cftof 10704->10713 10705 6d7f1b 10707 6c2480 RtlAllocateHeap 10705->10707 10706->10701 10706->10703 10706->10705 10708 6d7ea7 10706->10708 10709 6d7e80 10706->10709 10707->10701 10711 6dd3e2 RtlAllocateHeap 10708->10711 10708->10715 10709->10705 10710 6d7e8b 10709->10710 10712 6dd3e2 RtlAllocateHeap 10710->10712 10711->10715 10712->10715 10714 6d7f61 shared_ptr 10713->10714 10716 6f6c6a RtlAllocateHeap 10713->10716 10714->10623 10715->10704 10717 6d7f02 shared_ptr 10715->10717 10718 6d7f7c 10716->10718 10717->10623 10728 6c3c47 10729 6c3c51 10728->10729 10732 6c3c5f 10729->10732 10744 6c32d0 10729->10744 10730 6c3c68 10732->10730 10763 6c3810 10732->10763 10767 6dc6ac 10744->10767 10746 6c336b 10773 6dc26a 10746->10773 10749 6c333c __Mtx_unlock 10750 6dc26a 5 API calls 10749->10750 10753 6c3350 std::future_error::future_error 10749->10753 10751 6c3377 10750->10751 10754 6dc6ac GetSystemTimePreciseAsFileTime 10751->10754 10752 6c3314 10752->10746 10752->10749 10770 6dbd4c 10752->10770 10753->10732 10755 6c33af 10754->10755 10756 6dc26a 5 API calls 10755->10756 10757 6c33b6 __Cnd_broadcast 10755->10757 10756->10757 10758 6dc26a 5 API calls 10757->10758 10759 6c33d7 __Mtx_unlock 10757->10759 10758->10759 10760 6dc26a 5 API calls 10759->10760 10761 6c33eb 10759->10761 10762 6c340e 10760->10762 10761->10732 10762->10732 10764 6c381c 10763->10764 10846 6c2440 10764->10846 10777 6dc452 10767->10777 10769 6dc6b9 10769->10752 10794 6dbb72 10770->10794 10772 6dbd5c 10772->10752 10774 6dc292 10773->10774 10775 6dc274 10773->10775 10774->10774 10775->10774 10800 6dc297 10775->10800 10778 6dc47a 
std::future_error::future_error 10777->10778 10779 6dc4a8 10777->10779 10778->10769 10779->10778 10783 6dcf6b 10779->10783 10781 6dc4fd __Xtime_diff_to_millis2 10781->10778 10782 6dcf6b _xtime_get GetSystemTimePreciseAsFileTime 10781->10782 10782->10781 10784 6dcf7a 10783->10784 10786 6dcf87 __aulldvrm 10783->10786 10784->10786 10787 6dcf44 10784->10787 10786->10781 10790 6dcbea 10787->10790 10791 6dcbfb GetSystemTimePreciseAsFileTime 10790->10791 10792 6dcc07 10790->10792 10791->10792 10792->10786 10795 6dbb9c 10794->10795 10796 6dcf6b _xtime_get GetSystemTimePreciseAsFileTime 10795->10796 10798 6dbba4 __Xtime_diff_to_millis2 std::future_error::future_error 10795->10798 10797 6dbbcf __Xtime_diff_to_millis2 10796->10797 10797->10798 10799 6dcf6b _xtime_get GetSystemTimePreciseAsFileTime 10797->10799 10798->10772 10799->10798 10805 6c2ae0 10800->10805 10802 6dc2ae 10812 6dc1ff 10802->10812 10804 6dc2bf Concurrency::cancel_current_task 10806 6dbedf InitOnceExecuteOnce 10805->10806 10807 6c2af4 __dosmaperr 10806->10807 10807->10802 10808 6fa671 __cftof 4 API calls 10807->10808 10811 6f6ccc 10808->10811 10809 6f8bec __cftof 4 API calls 10810 6f6cf6 10809->10810 10811->10809 10813 6dc20b __EH_prolog3_GS 10812->10813 10814 6d80c0 RtlAllocateHeap 10813->10814 10815 6dc23d 10814->10815 10820 6c26b0 10815->10820 10817 6dc252 10837 6d7970 10817->10837 10819 6dc25a 10819->10804 10821 6d7a00 RtlAllocateHeap 10820->10821 10822 6c2702 10821->10822 10823 6c2725 10822->10823 10824 6d8f40 RtlAllocateHeap 10822->10824 10825 6d8f40 RtlAllocateHeap 10823->10825 10826 6c278e 10823->10826 10824->10823 10825->10826 10827 6c27ed shared_ptr 10826->10827 10829 6c28b8 10826->10829 10828 6f38af ___std_exception_copy RtlAllocateHeap 10827->10828 10832 6c284b 10828->10832 10830 6f6c6a RtlAllocateHeap 10829->10830 10830->10832 10831 6c287a shared_ptr std::future_error::future_error 10831->10817 10832->10831 10833 6f6c6a RtlAllocateHeap 10832->10833 10834 6c28c2 10833->10834 10842 6f3912 
10834->10842 10836 6c28e5 shared_ptr 10836->10817 10838 6d797b 10837->10838 10839 6d7996 shared_ptr 10837->10839 10838->10839 10840 6f6c6a RtlAllocateHeap 10838->10840 10839->10819 10841 6d79ba 10840->10841 10843 6f391f 10842->10843 10844 6f3926 10842->10844 10845 6f8ba3 ___std_exception_destroy RtlAllocateHeap 10843->10845 10844->10836 10845->10844 10849 6db5d6 10846->10849 10848 6c2472 10850 6db5f1 Concurrency::cancel_current_task 10849->10850 10851 6f8bec __cftof 4 API calls 10850->10851 10853 6db658 __cftof std::future_error::future_error 10850->10853 10852 6db69f 10851->10852 10853->10848 10854 6f6a44 10855 6f6a5c 10854->10855 10856 6f6a52 10854->10856 10872 6f698d 10855->10872 10867 6fb655 10856->10867 10859 6f6a59 10860 6f6a76 10875 6f68ed 10860->10875 10863 6fb655 RtlAllocateHeap 10864 6f6a8a 10863->10864 10865 6f6aa8 10864->10865 10866 6fadf5 __freea RtlAllocateHeap 10864->10866 10866->10865 10869 6fb662 10867->10869 10868 6fb679 10868->10859 10869->10868 10878 6f75c0 10869->10878 10873 6f690a __cftof 4 API calls 10872->10873 10874 6f699f 10873->10874 10874->10860 10886 6f683b 10875->10886 10883 6f75e3 10878->10883 10880 6f75cb __dosmaperr 10881 6f75f6 __dosmaperr RtlAllocateHeap 10880->10881 10882 6f75de 10881->10882 10882->10859 10884 6fa7c8 __dosmaperr RtlAllocateHeap 10883->10884 10885 6f75e8 10884->10885 10885->10880 10887 6f6849 10886->10887 10888 6f6863 10886->10888 10899 6f69cc 10887->10899 10890 6f686a 10888->10890 10892 6f6889 __cftof 10888->10892 10898 6f6853 10890->10898 10903 6f69e6 10890->10903 10893 6f689f __cftof 10892->10893 10894 6f69e6 RtlAllocateHeap 10892->10894 10895 6f75c0 __dosmaperr RtlAllocateHeap 10893->10895 10893->10898 10894->10893 10896 6f68ab 10895->10896 10897 6f75f6 __dosmaperr RtlAllocateHeap 10896->10897 10897->10898 10898->10863 10898->10864 10900 6f69d7 10899->10900 10901 6f69df 10899->10901 10902 6fadf5 __freea RtlAllocateHeap 10900->10902 10901->10898 10902->10901 10904 6f69cc RtlAllocateHeap 10903->10904 10905 
6f69f4 10904->10905 10908 6f6a25 10905->10908 10909 6fb04b __cftof RtlAllocateHeap 10908->10909 10910 6f6a05 10909->10910 10910->10898 10944 6c3840 10945 6c38f6 10944->10945 10949 6c385f 10944->10949 10946 6c3920 10954 6d91e0 10946->10954 10948 6d7d50 RtlAllocateHeap 10948->10945 10949->10945 10949->10946 10950 6c391b 10949->10950 10952 6c38cd shared_ptr 10949->10952 10953 6f6c6a RtlAllocateHeap 10950->10953 10951 6c3925 10952->10948 10953->10946 10955 6dc1b9 RtlAllocateHeap 10954->10955 10956 6d91ea 10955->10956 10956->10951 10957 6c3440 10962 6c2b30 10957->10962 10959 6c344f Concurrency::cancel_current_task 10960 6f38af ___std_exception_copy RtlAllocateHeap 10959->10960 10961 6c3483 10960->10961 10963 6f38af ___std_exception_copy RtlAllocateHeap 10962->10963 10964 6c2b68 std::future_error::future_error 10963->10964 10964->10959 9707 6ca856 9708 6ca870 9707->9708 9715 6ca892 shared_ptr 9707->9715 9709 6ca94e 9708->9709 9708->9715 9711 6ca953 Sleep CreateMutexA 9709->9711 9731 6f6c6a 9709->9731 9714 6ca98e 9711->9714 9713 6ca903 9716 6d80c0 9715->9716 9719 6d8104 9716->9719 9720 6d80de 9716->9720 9717 6d81ee 9739 6d9270 9717->9739 9719->9717 9722 6d817d 9719->9722 9723 6d8158 9719->9723 9720->9713 9721 6d81f3 9742 6c2480 9721->9742 9727 6dd3e2 RtlAllocateHeap 9722->9727 9728 6d8169 __cftof 9722->9728 9723->9721 9734 6dd3e2 9723->9734 9727->9728 9729 6f6c6a RtlAllocateHeap 9728->9729 9730 6d81d0 shared_ptr 9728->9730 9729->9717 9730->9713 9732 6f6bf6 __cftof RtlAllocateHeap 9731->9732 9733 6f6c79 __cftof 9732->9733 9735 6c2480 Concurrency::cancel_current_task __dosmaperr ___std_exception_copy 9734->9735 9738 6dd401 Concurrency::cancel_current_task 9735->9738 9746 6f38af 9735->9746 9738->9728 9835 6dc1b9 9739->9835 9743 6c248e Concurrency::cancel_current_task 9742->9743 9744 6f38af ___std_exception_copy RtlAllocateHeap 9743->9744 9745 6c24c3 9744->9745 9748 6f38bc ___std_exception_copy 9746->9748 9751 6c24c3 9746->9751 9747 6f38e9 9761 6f8ba3 9747->9761 9748->9747 
9748->9751 9752 6fa1f1 9748->9752 9751->9728 9753 6fa1fe 9752->9753 9755 6fa20c 9752->9755 9753->9755 9759 6fa223 9753->9759 9764 6f75f6 9755->9764 9756 6fa214 9767 6f6c5a 9756->9767 9758 6fa21e 9758->9747 9759->9758 9760 6f75f6 __dosmaperr RtlAllocateHeap 9759->9760 9760->9756 9762 6fadf5 __freea RtlAllocateHeap 9761->9762 9763 6f8bbb 9762->9763 9763->9751 9770 6fa7c8 9764->9770 9829 6f6bf6 9767->9829 9769 6f6c66 9769->9758 9771 6fa7d2 __dosmaperr 9770->9771 9773 6f75fb 9771->9773 9781 6fd82f 9771->9781 9773->9756 9774 6fa813 __dosmaperr 9775 6fa853 9774->9775 9776 6fa81b __dosmaperr 9774->9776 9789 6fa49f 9775->9789 9785 6fadf5 9776->9785 9780 6fadf5 __freea RtlAllocateHeap 9780->9773 9782 6fd83c __dosmaperr 9781->9782 9783 6fd87a __dosmaperr 9782->9783 9784 6fd867 RtlAllocateHeap 9782->9784 9783->9774 9784->9782 9784->9783 9786 6fae00 9785->9786 9788 6fae1b __dosmaperr 9785->9788 9787 6f75f6 __dosmaperr RtlAllocateHeap 9786->9787 9786->9788 9787->9788 9788->9773 9790 6fa50d __dosmaperr 9789->9790 9793 6fa445 9790->9793 9792 6fa536 9792->9780 9794 6fa451 __dosmaperr 9793->9794 9797 6fa626 9794->9797 9796 6fa473 __dosmaperr 9796->9792 9798 6fa65c __cftof 9797->9798 9799 6fa635 __cftof 9797->9799 9798->9796 9799->9798 9801 6ff35f 9799->9801 9802 6ff3df 9801->9802 9805 6ff375 9801->9805 9803 6ff42d 9802->9803 9806 6fadf5 __freea RtlAllocateHeap 9802->9806 9804 6ff4d0 __cftof RtlAllocateHeap 9803->9804 9819 6ff43b 9804->9819 9805->9802 9807 6ff3a8 9805->9807 9813 6fadf5 __freea RtlAllocateHeap 9805->9813 9808 6ff401 9806->9808 9809 6ff3ca 9807->9809 9814 6fadf5 __freea RtlAllocateHeap 9807->9814 9810 6fadf5 __freea RtlAllocateHeap 9808->9810 9812 6fadf5 __freea RtlAllocateHeap 9809->9812 9811 6ff414 9810->9811 9815 6fadf5 __freea RtlAllocateHeap 9811->9815 9816 6ff3d4 9812->9816 9818 6ff39d 9813->9818 9820 6ff3bf 9814->9820 9821 6ff422 9815->9821 9822 6fadf5 __freea RtlAllocateHeap 9816->9822 9817 6ff49b 9823 6fadf5 __freea RtlAllocateHeap 9817->9823 9824 6fef3c 

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 358 6f652b-6f6538 call 6fa302 361 6f655a-6f656c call 6f656d ExitProcess 358->361 362 6f653a-6f6548 GetPEB 358->362 362->361 363 6f654a-6f6559 362->363 363->361
APIs
• ExitProcess.KERNEL32(?,?,006F652A,?,?,?,?,?,006F7661), ref: 006F6567
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139236518.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139366119.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139570698.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139599711.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139636636.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139692832.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139719779.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139737199.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139762891.00000000008BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139793433.00000000008C0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139820096.00000000008C2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139848259.00000000008CB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139873438.00000000008CC000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140118842.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140136841.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140173681.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 621844428-0

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000064), ref: 006CA963
                                                                                                                                                                                                                                                                            • CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                                            • String ID: T2r
                                                                                                                                                                                                                                                                            • API String ID: 1464230837-3348044575
                                                                                                                                                                                                                                                                            • Opcode ID: c109278b67aedbe3c2cfef316435076ff8c545ab2f17f5ef52fce821e00e7808
                                                                                                                                                                                                                                                                            • Instruction ID: 90d9c2ee50c64cf9075c7207a6b45eb586d772e86a18a7c75930fcbca37b2e51
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c109278b67aedbe3c2cfef316435076ff8c545ab2f17f5ef52fce821e00e7808
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A314C31B04204DBEB089B78DCC9BBDB7A3EBC1314F24825DE114A73D5C77599808765

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 22 6c9f44-6c9f64 26 6c9f66-6c9f72 22->26 27 6c9f92-6c9fae 22->27 28 6c9f88-6c9f8f call 6dd663 26->28 29 6c9f74-6c9f82 26->29 30 6c9fdc-6c9ffb 27->30 31 6c9fb0-6c9fbc 27->31 28->27 29->28 32 6ca92b 29->32 36 6c9ffd-6ca009 30->36 37 6ca029-6ca916 call 6d80c0 30->37 34 6c9fbe-6c9fcc 31->34 35 6c9fd2-6c9fd9 call 6dd663 31->35 41 6ca953-6ca994 Sleep CreateMutexA 32->41 42 6ca92b call 6f6c6a 32->42 34->32 34->35 35->30 38 6ca01f-6ca026 call 6dd663 36->38 39 6ca00b-6ca019 36->39 38->37 39->32 39->38 52 6ca996-6ca998 41->52 53 6ca9a7-6ca9a8 41->53 42->41 52->53 54 6ca99a-6ca9a5 52->54 54->53
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000064), ref: 006CA963
                                                                                                                                                                                                                                                                            • CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139236518.0000000000722000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139366119.000000000072B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139570698.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139599711.0000000000895000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139636636.00000000008AB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139692832.00000000008BC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139719779.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139737199.00000000008BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139762891.00000000008BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139793433.00000000008C0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139820096.00000000008C2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139848259.00000000008CB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139873438.00000000008CC000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140118842.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140136841.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000002.00000002.2140173681.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: de60e833b1440a607df19e163759d1b29562c523cb3781bb14495247d591ca9b
• Instruction ID: 70354b62f8e109b2b3b379c987a79f830785702cdc26e9dfa18d43d1156e2037
• Opcode Fuzzy Hash: de60e833b1440a607df19e163759d1b29562c523cb3781bb14495247d591ca9b
• Instruction Fuzzy Hash: 8D312A31B141448BEB189FB8D889BBCB7A3EBC5318F24825DE114EB3D5C77599808766

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 56 6ca079-6ca099 60 6ca09b-6ca0a7 56->60 61 6ca0c7-6ca0e3 56->61 64 6ca0bd-6ca0c4 call 6dd663 60->64 65 6ca0a9-6ca0b7 60->65 62 6ca0e5-6ca0f1 61->62 63 6ca111-6ca130 61->63 67 6ca107-6ca10e call 6dd663 62->67 68 6ca0f3-6ca101 62->68 69 6ca15e-6ca916 call 6d80c0 63->69 70 6ca132-6ca13e 63->70 64->61 65->64 71 6ca930-6ca994 call 6f6c6a Sleep CreateMutexA 65->71 67->63 68->67 68->71 75 6ca154-6ca15b call 6dd663 70->75 76 6ca140-6ca14e 70->76 86 6ca996-6ca998 71->86 87 6ca9a7-6ca9a8 71->87 75->69 76->71 76->75 86->87 88 6ca99a-6ca9a5 86->88 88->87
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139236518.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139366119.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139570698.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139599711.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139636636.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139692832.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139719779.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139737199.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139762891.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139793433.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139820096.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139848259.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139873438.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140118842.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140136841.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140173681.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                                            • String ID: T2r
                                                                                                                                                                                                                                                                            • API String ID: 1464230837-3348044575
                                                                                                                                                                                                                                                                            • Opcode ID: a89c18deca79021633d593a471bb4a48b0e98f5efdd34fc5f5c3cd50fe9a07b0
                                                                                                                                                                                                                                                                            • Instruction ID: 96fa178c1dc526016f0ecbd8c796697d580e812994d8129d50e95bc596ccfa36
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a89c18deca79021633d593a471bb4a48b0e98f5efdd34fc5f5c3cd50fe9a07b0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD316A31B141089BEB089BB8DC85FBCB7B3EBC1318F24825DE0149B3D5C77A99808756

Control-flow Graph
[Graph image omitted. Recoverable data from the rendered graph: basic blocks span 6ca1ae through 6ca9a8; call targets 6dd663, 6d80c0 and 6f6c6a; the block at 6ca953-6ca994 invokes Sleep and CreateMutexA. Legend: Executed / Not Executed.]
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000064), ref: 006CA963
                                                                                                                                                                                                                                                                            • CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139236518.0000000000722000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139366119.000000000072B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139570698.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139599711.0000000000895000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139636636.00000000008AB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139692832.00000000008BC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139719779.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139737199.00000000008BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139762891.00000000008BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139793433.00000000008C0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139820096.00000000008C2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139848259.00000000008CB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139873438.00000000008CC000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140118842.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140136841.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140173681.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: b1daa91632c69c854fa2b0dded5483015701127dbd7f24e9c08f293dfa3ca298
• Instruction ID: cdfb6dc412d12e023f3bd6b2d7e6be90c618417a43b2aea33b6fed18d8a3a360
• Opcode Fuzzy Hash: b1daa91632c69c854fa2b0dded5483015701127dbd7f24e9c08f293dfa3ca298
• Instruction Fuzzy Hash: BF312A31B041449BEB089BF8DC89FBDB7A3EBC5318F28425DE014973D5C77999808756

Control-flow Graph

Basic blocks (id: address range, annotations -> successors):

• 124: 6ca418-6ca438 -> 128, 129
• 128: 6ca43a-6ca446 -> 130, 131
• 129: 6ca466-6ca482 -> 132, 133
• 130: 6ca45c-6ca463 (call 6dd663) -> 129
• 131: 6ca448-6ca456 -> 130, 136
• 132: 6ca484-6ca490 -> 138, 139
• 133: 6ca4b0-6ca4cf -> 134, 135
• 134: 6ca4fd-6ca916 (call 6d80c0) -> (none)
• 135: 6ca4d1-6ca4dd -> 141, 142
• 136: 6ca93f-6ca949 (call 6f6c6a * 2) -> 155, 156
• 138: 6ca4a6-6ca4ad (call 6dd663) -> 133
• 139: 6ca492-6ca4a0 -> 136, 138
• 141: 6ca4df-6ca4ed -> 136, 142
• 142: 6ca4f3-6ca4fa (call 6dd663) -> 134
• 155: 6ca94e -> 157, 158
• 156: 6ca949 (call 6f6c6a) -> 155
• 157: 6ca953-6ca994 (Sleep, CreateMutexA) -> 160, 161
• 158: 6ca94e (call 6f6c6a) -> 157
• 160: 6ca996-6ca998 -> 161, 162
• 161: 6ca9a7-6ca9a8 -> (none)
• 162: 6ca99a-6ca9a5 -> 161
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139236518.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139366119.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139570698.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139599711.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139636636.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139692832.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139719779.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139737199.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139762891.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139793433.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139820096.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139848259.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139873438.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140118842.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140136841.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140173681.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: f50b9101e6dba7cdab64ab61b91176f228c630c47f95f3e8b77bba3dd604c92f
• Instruction ID: 81050cbe8cc4af9ba95319dfb2ea190dc6a02902711590093fe1adfbd6ea536c
• Opcode Fuzzy Hash: f50b9101e6dba7cdab64ab61b91176f228c630c47f95f3e8b77bba3dd604c92f
• Instruction Fuzzy Hash: FD313931A001089BEB0C9BB8DC89FBDB6A3EBC1318F24825DE1549B3D5C7B999808656
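Reading these control-flow entries by hand stops scaling once a report carries hundreds of functions, so here is an added Python example (not Joe Sandbox code, and not code recovered from the sample) that parses the raw `control_flow_graph` export line of the function above (6ca418 to 6ca9a8) into basic blocks and edges, parses its two `APIs` lines, and maps each API call site back to the block whose address range contains it. Both input strings are copied from this entry. The token grammar it assumes (`<id> <start>[-<end>]` opens a node, `call <addr>` and `call <addr> * N` are internal calls, a bare token such as `Sleep` is an imported API, `<a>-><b>` is an edge) is inferred from the report text, not taken from a published specification, and the names `parse_cfg`, `parse_api_line`, `block_at`, `entry_and_exits` and `mutex_gate` are mine. Argument decoding follows the documented prototypes: `Sleep(0x64)` is a 100 ms delay, and `CreateMutexA(NULL, FALSE, 0x00723254)` names a mutex whose string pointer lies between the 00722000 and 00729000 dump bases listed above, which is consistent with the `T2r` String ID the report attaches to this function. The two-way branch right after that block (160 and 161) is where a single-instance check on ERROR_ALREADY_EXISTS would sit; the report does not show the comparison, so that reading is an inference, not a fact on the page.

```python
# Added example: parse one Joe Sandbox "Control-flow Graph" line and its "APIs" entries.
# Not Joe Sandbox's code or the sample's; the token grammar is inferred from the report
# text, and both inputs below are copied from this function's entry.
import re
from dataclasses import dataclass, field

CFG_TEXT = (  # raw export form of the Control-flow Graph above
    "control_flow_graph 124 6ca418-6ca438 128 6ca43a-6ca446 124->128 129 6ca466-6ca482 124->129 "
    "130 6ca45c-6ca463 call 6dd663 128->130 131 6ca448-6ca456 128->131 132 6ca484-6ca490 129->132 "
    "133 6ca4b0-6ca4cf 129->133 130->129 131->130 136 6ca93f-6ca949 call 6f6c6a * 2 131->136 "
    "138 6ca4a6-6ca4ad call 6dd663 132->138 139 6ca492-6ca4a0 132->139 134 6ca4fd-6ca916 call 6d80c0 "
    "133->134 135 6ca4d1-6ca4dd 133->135 141 6ca4df-6ca4ed 135->141 142 6ca4f3-6ca4fa call 6dd663 "
    "135->142 155 6ca94e 136->155 156 6ca949 call 6f6c6a 136->156 138->133 139->136 139->138 141->136 "
    "141->142 142->134 157 6ca953-6ca994 Sleep CreateMutexA 155->157 158 6ca94e call 6f6c6a 155->158 "
    "156->155 160 6ca996-6ca998 157->160 161 6ca9a7-6ca9a8 157->161 158->157 160->161 "
    "162 6ca99a-6ca9a5 160->162 162->161"
)
API_LINES = [  # copied from the same entry's APIs list
    "Sleep.KERNELBASE(00000064), ref: 006CA963",
    "CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981",
]
ADDR = re.compile(r"^[0-9a-f]+(?:-[0-9a-f]+)?$")
EDGE = re.compile(r"^(\d+)->(\d+)$")
API_LINE = re.compile(r"^(\w+)\.(\w+)\(([0-9A-Fa-f,]*)\), ref: ([0-9A-Fa-f]+)$")

@dataclass
class Block:
    bid: int
    start: int
    end: int
    calls: list = field(default_factory=list)  # internal call targets
    apis: list = field(default_factory=list)   # imported APIs noted on the block
    succ: list = field(default_factory=list)
    pred: list = field(default_factory=list)

def parse_cfg(text):
    """Return {block id: Block} with successor and predecessor lists filled in."""
    tokens = text.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    blocks, edges, cur, i = {}, [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if (m := EDGE.match(tok)):
            edges.append((int(m.group(1)), int(m.group(2))))
            cur, i = None, i + 1                     # an edge ends a node's annotations
        elif tok.isdigit() and nxt is not None and ADDR.match(nxt):
            lo, _, hi = nxt.partition("-")           # "<id> <start>[-<end>]" opens a node
            cur = blocks[int(tok)] = Block(int(tok), int(lo, 16), int(hi or lo, 16))
            i += 2
        elif cur is not None and tok == "call" and nxt is not None:
            cur.calls.append(int(nxt, 16))
            i += 2
        elif cur is not None and tok == "*" and nxt is not None:
            cur.calls.extend([cur.calls[-1]] * (int(nxt) - 1))  # "call X * N"
            i += 2
        elif cur is not None:
            cur.apis.append(tok)                     # bare token: imported API name
            i += 1
        else:
            raise ValueError(f"unexpected token {tok!r} at position {i}")
    for a, b in edges:
        blocks[a].succ.append(b)
        blocks[b].pred.append(a)
    return blocks

def parse_api_line(line):
    """'Sleep.KERNELBASE(00000064), ref: 006CA963' -> api, module, args, call site."""
    m = API_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox API line: {line!r}")
    name, module, args, ref = m.groups()
    return {"api": name, "module": module, "ref": int(ref, 16),
            "args": [int(a, 16) for a in args.split(",") if a]}

def block_at(blocks, addr):
    return next((b for b in blocks.values() if b.start <= addr <= b.end), None)

def entry_and_exits(blocks):
    """Block ids with no predecessors, and block ids with no successors."""
    return (sorted(b.bid for b in blocks.values() if not b.pred),
            sorted(b.bid for b in blocks.values() if not b.succ))

def mutex_gate(blocks, api_lines):
    """Find the Sleep/CreateMutexA block; decode args per the documented prototypes
    Sleep(dwMilliseconds) and CreateMutexA(lpMutexAttributes, bInitialOwner, lpName)."""
    sites = {}
    for call in map(parse_api_line, api_lines):
        blk = block_at(blocks, call["ref"])
        sites[call["api"]] = (call, blk.bid if blk else None)
    sleep, sleep_bid = sites["Sleep"]
    mutex, mutex_bid = sites["CreateMutexA"]
    return {"block": mutex_bid, "same_block": sleep_bid == mutex_bid,
            "sleep_ms": sleep["args"][0], "initial_owner": bool(mutex["args"][1]),
            "mutex_name_ptr": mutex["args"][2], "successors": sorted(blocks[mutex_bid].succ)}

if __name__ == "__main__":
    print(mutex_gate(parse_cfg(CFG_TEXT), API_LINES))
```

Run as a script it prints the gate summary (block 157, 100 ms sleep, name pointer 0x723254, successors 160 and 161); `entry_and_exits` gives 124 as the only entry and 134 and 161 as the blocks with no outgoing edges, which is a quick sanity check that the graph parsed whole. On a full report, feed each function's export line and its `APIs` entries through the same two parsers to collect every `CreateMutexA` name pointer, then resolve each pointer in the `.sdmp` whose base it falls under to recover the mutex strings for a detection rule.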

Control-flow Graph

control_flow_graph 164 6ca54d-6ca56d 168 6ca56f-6ca57b 164->168 169 6ca59b-6ca5b7 164->169 170 6ca57d-6ca58b 168->170 171 6ca591-6ca598 call 6dd663 168->171 172 6ca5b9-6ca5c5 169->172 173 6ca5e5-6ca604 169->173 170->171 176 6ca944-6ca949 call 6f6c6a 170->176 171->169 178 6ca5db-6ca5e2 call 6dd663 172->178 179 6ca5c7-6ca5d5 172->179 174 6ca606-6ca612 173->174 175 6ca632-6ca916 call 6d80c0 173->175 182 6ca628-6ca62f call 6dd663 174->182 183 6ca614-6ca622 174->183 191 6ca94e 176->191 192 6ca949 call 6f6c6a 176->192 178->173 179->176 179->178 182->175 183->176 183->182 195 6ca953-6ca994 Sleep CreateMutexA 191->195 196 6ca94e call 6f6c6a 191->196 192->191 198 6ca996-6ca998 195->198 199 6ca9a7-6ca9a8 195->199 196->195 198->199 200 6ca99a-6ca9a5 198->200 200->199
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: fef2fcbf16cb34c2467e56555a7d6cf1636bb2689d05921cc68955cbde34bfcc
• Instruction ID: 81fce61043a6f89796290a90c09e2db427b78c7ab62981cdf9e0b2a0e6d7ceb4
• Opcode Fuzzy Hash: fef2fcbf16cb34c2467e56555a7d6cf1636bb2689d05921cc68955cbde34bfcc
• Instruction Fuzzy Hash: 77314831A041088BEB08DBB8DC89FBCB7A3EBC5318F24825DE154AB3D5C77999818756

Control-flow Graph

control_flow_graph 202 6ca682-6ca6a2 206 6ca6a4-6ca6b0 202->206 207 6ca6d0-6ca6ec 202->207 208 6ca6c6-6ca6cd call 6dd663 206->208 209 6ca6b2-6ca6c0 206->209 210 6ca6ee-6ca6fa 207->210 211 6ca71a-6ca739 207->211 208->207 209->208 212 6ca949 209->212 214 6ca6fc-6ca70a 210->214 215 6ca710-6ca717 call 6dd663 210->215 216 6ca73b-6ca747 211->216 217 6ca767-6ca916 call 6d80c0 211->217 218 6ca94e 212->218 219 6ca949 call 6f6c6a 212->219 214->212 214->215 215->211 223 6ca75d-6ca764 call 6dd663 216->223 224 6ca749-6ca757 216->224 227 6ca953-6ca994 Sleep CreateMutexA 218->227 228 6ca94e call 6f6c6a 218->228 219->218 223->217 224->212 224->223 234 6ca996-6ca998 227->234 235 6ca9a7-6ca9a8 227->235 228->227 234->235 236 6ca99a-6ca9a5 234->236 236->235
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: 0707cb92613688ba99846ca4e1ed3e8b966b665b03dc23a17f123be9dbfdf9c6
• Instruction ID: fb8c36d4c1103cf68e6484230b29ff082c16cc9d88983ae553750543827a34df
• Opcode Fuzzy Hash: 0707cb92613688ba99846ca4e1ed3e8b966b665b03dc23a17f123be9dbfdf9c6
• Instruction Fuzzy Hash: 29312831A041088BEB089BB8DD89FBDB7A3EBC1318F24825DE1149B3D5C77999808666

Control-flow Graph

APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140118842.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140136841.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140173681.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: 9afa5b4d153fa274d60fb0e61ad0673c7ab00d7476a075cb599da8ee998eecf1
• Instruction ID: 58c7c2a6cc72e602d4a6f2dfbd15bfffe0d93c4ceae0dfc47d8bb86bbe2b49d8
• Opcode Fuzzy Hash: 9afa5b4d153fa274d60fb0e61ad0673c7ab00d7476a075cb599da8ee998eecf1
• Instruction Fuzzy Hash: 9E213A31B14204DBEB189BACEC89B7DB7A3EBC1314F24422DE508973D5C77999808656

Control-flow Graph

• Executed
• Not Executed
• (graph image not reproduced: basic blocks 6ca856 through 6ca9a8 of this function, including the block 6ca953-6ca987 that calls Sleep and CreateMutexA)
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: 22f96bbe76345f123d06fcbf391f38669125cfd87492fc8fd312bce8e1316c27
• Instruction ID: a10f9a20ccf157b6926c90e2fd63985224ae9395e500fb3098ce947e6e459ee0
• Opcode Fuzzy Hash: 22f96bbe76345f123d06fcbf391f38669125cfd87492fc8fd312bce8e1316c27
• Instruction Fuzzy Hash: F0213D71759204DBF72467F89886F7DB2A3DF81308F24441EE144D73D1CB7A99818597

Control-flow Graph
• Executed
• Not Executed
(rendered control-flow graph of the function at 6ca34f not recoverable from the text extraction; basic-block edge data omitted)
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: 0ed52a238e1b6b82678e2e44c5d6976de12c370686bb29456f9e077a50baa99b
• Instruction ID: 611de5df150f1332c6eaceb092906d2a2426d7ec515a7c2f195397d35a97a757
• Opcode Fuzzy Hash: 0ed52a238e1b6b82678e2e44c5d6976de12c370686bb29456f9e077a50baa99b
• Instruction Fuzzy Hash: BE213A32B14248DBEB189BA8EC85B7CB7A3EBC1318F24422DE508D77D5C77999808652

Control-flow Graph
Basic blocks (id: address range, notable call):
• 342: 6fd82f-6fd83a
• 343: 6fd83c-6fd846
• 344: 6fd848-6fd84e
• 345: 6fd87c-6fd887, call 6f75f6
• 346: 6fd867-6fd878, RtlAllocateHeap
• 347: 6fd850-6fd851
• 348: 6fd87a
• 349: 6fd853-6fd85a, call 6f9dc0
• 352: 6fd889-6fd88b
• 355: 6fd85c-6fd865, call 6f8e36
Edges: 342->343, 342->344, 343->344, 343->345, 344->346, 344->347, 345->352, 346->348, 346->349, 347->346, 348->352, 349->345, 349->355, 355->345, 355->346
APIs
• RtlAllocateHeap.NTDLL(00000008,?,00000000,?,006FA813,00000001,00000364,00000006,000000FF,?,006FEE3F,?,00000004,00000000,?,?), ref: 006FD871
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: _strrchr
• String ID: vo
• API String ID: 3213747228-1079588389
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139236518.0000000000722000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139366119.000000000072B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139570698.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139599711.0000000000895000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139636636.00000000008AB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139692832.00000000008BC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139719779.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139737199.00000000008BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139762891.00000000008BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139793433.00000000008C0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139820096.00000000008C2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139848259.00000000008CB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139873438.00000000008CC000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140118842.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140136841.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140173681.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
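The dump names in the Memory Dump Source list above encode where each unpacked region of the 0x6C0000 module lives and what page protection it had when it was dumped. As an added example (not part of the Joe Sandbox report and not Joe Sandbox's own tooling), the Python below decodes those names into a region map and flags regions that are both writable and executable, which is the memory state behind the "Detected unpacking (changes PE section rights)" signature in this report's overview. The field layout (PID, dump index, sequence number, base address, protection, state, region type, module index) is an assumption inferred from the values on this page: the fourth field matches the stated Offset 006C0000, the fifth field only ever takes documented Windows PAGE_* values, and the seventh field is 0x01000000, which is MEM_IMAGE. The sample names are copied from the Associated list above.

```python
"""Decode Joe Sandbox .sdmp dump names into a memory-region map (added example)."""
import re
from dataclasses import dataclass

# Windows page-protection and region-type constants, as documented in winnt.h.
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# ASSUMPTION: field layout of the dump name, inferred from the values in this
# report (field 4 equals the stated Offset, field 5 takes PAGE_* values,
# field 7 is 0x01000000 = MEM_IMAGE). Joe Sandbox does not document it here.
SDMP_RE = re.compile(
    r"^(?P<pid>[0-9A-Fa-f]{8})\.(?P<dump>[0-9A-Fa-f]{8})\.(?P<seq>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<prot>[0-9A-Fa-f]{8})\.(?P<state>[0-9A-Fa-f]{8})\."
    r"(?P<mtype>[0-9A-Fa-f]{8})\.(?P<module>[0-9A-Fa-f]{8})\.sdmp$"
)

# Dump names copied from the Associated list in this report (subset).
REPORT_DUMPS = [
    "00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmp",
]


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    base: int
    protection: int
    mem_type: int

    @property
    def protection_name(self) -> str:
        return PAGE_PROTECTION.get(self.protection & 0xFF, f"0x{self.protection:x}")

    @property
    def executable(self) -> bool:
        # PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
        return bool(self.protection & 0xF0)

    @property
    def writable(self) -> bool:
        # PAGE_READWRITE, PAGE_WRITECOPY, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
        return bool(self.protection & 0xCC)


def parse_sdmp(name: str) -> DumpRegion:
    """Split one .sdmp file name into its numeric fields."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised .sdmp name: {name}")
    return DumpRegion(
        pid=int(m["pid"], 16),
        base=int(m["base"], 16),
        protection=int(m["prot"], 16),
        mem_type=int(m["mtype"], 16),
    )


def region_map(names):
    """Regions sorted by base; size is an upper bound (distance to the next dumped base)."""
    regions = sorted((parse_sdmp(n) for n in names), key=lambda r: r.base)
    rows = []
    for cur, nxt in zip(regions, regions[1:] + [None]):
        size = (nxt.base - cur.base) if nxt else None
        rows.append((cur.base, size, cur.protection_name,
                     MEM_TYPE.get(cur.mem_type, hex(cur.mem_type))))
    return rows


def rwx_regions(names):
    """Bases of regions that are both writable and executable: the in-place unpacking pattern."""
    return [r.base for r in map(parse_sdmp, names) if r.executable and r.writable]


if __name__ == "__main__":
    for base, size, prot, mtype in region_map(REPORT_DUMPS):
        print(f"{base:08x}  {'?' if size is None else f'{size:#x}':>9}  {prot:<24} {mtype}")
    print("writable+executable:", [hex(b) for b in rwx_regions(REPORT_DUMPS)])
```

Run against the full Associated list, every region except the 0x6C0000 header page decodes as PAGE_EXECUTE_READWRITE, PAGE_WRITECOPY or PAGE_EXECUTE_WRITECOPY inside a MEM_IMAGE mapping, i.e. image pages whose protection was changed after load. The sizes are upper bounds only: Joe Sandbox dumps one file per protection change, not per page, so two adjacent dumps with the same protection may belong to one region.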
Yara matches
Similarity
• API ID: Mtx_unlock$Cnd_broadcast
• String ID:
• API String ID: 32384418-0
• Opcode ID: 2ade736043d7e99650afffb3d1cf8ba0c4aaea43c4a262e26dc5ad02c1a9efd8
• Instruction ID: d22e544384eedfe821256ea469ef064d1c5ae300786623d39fe3ac15a222fd20
• Opcode Fuzzy Hash: 2ade736043d7e99650afffb3d1cf8ba0c4aaea43c4a262e26dc5ad02c1a9efd8
• Instruction Fuzzy Hash: 38A1E0B1E0061A9FDB20DF64C944BAAB7AAFF15320F14812EE815D7741EB31EA04CBD1
APIs
Memory Dump Source
• Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139236518.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139366119.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139570698.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139599711.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139636636.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139692832.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139719779.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139737199.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139762891.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139793433.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139820096.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139848259.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139873438.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140118842.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140136841.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140173681.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140201170.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140231392.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140261178.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140290122.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140319546.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140351377.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140381170.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140460119.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140485429.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140521260.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140558303.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140593570.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140641466.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140675411.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140695193.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140721788.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140749331.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140777619.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140853206.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140880243.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140911782.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140938404.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140964553.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140993103.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141021980.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141042278.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2141062054.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 531285432-0
                                                                                                                                                                                                                                                                            • Opcode ID: 36500ee623d7236ec423328c6b29a1f8385e1625ae699bc22d247d177bb2590f
                                                                                                                                                                                                                                                                            • Instruction ID: 5926481f487d45fc69301ff353fa202e23a701d2c6692f1efc9a672f809821f6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36500ee623d7236ec423328c6b29a1f8385e1625ae699bc22d247d177bb2590f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF21FB71E0011AAFDF10EFA4D881AFEB7BAAF08720B51401AF501A7391DB749D419BA4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.2139236518.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139204870.00000000006C0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139236518.0000000000722000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139343957.0000000000729000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139366119.000000000072B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139397070.0000000000737000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139570698.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139599711.0000000000895000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139636636.00000000008AB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139636636.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139692832.00000000008BC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139719779.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139737199.00000000008BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139762891.00000000008BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139793433.00000000008C0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139820096.00000000008C2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139848259.00000000008CB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139873438.00000000008CC000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139902860.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139929743.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139969872.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2139988684.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140015501.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140057601.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.2140088857.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: ___free_lconv_mon
• String ID: 8"r$`'r
• API String ID: 3903695350-3437196005
• Opcode ID: 0feb397f4af5da43015708793676ce9f631554acdf0b547b1f8e659196dc220f
• Instruction ID: a275a869d2e3d97aea03700a2dd367473d1ccdb051bb3c82f4d80c93d18584ba
• Opcode Fuzzy Hash: 0feb397f4af5da43015708793676ce9f631554acdf0b547b1f8e659196dc220f
• Instruction Fuzzy Hash: B8316B7260020DDFEB20AB79D845BBB73EAEF00311F10442DE249D6692DE30AC80CB65

Execution Graph

Execution Coverage: 0.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 1842
Total number of Limit Nodes: 15
10556->10557 10559 6d8248 10558->10559 10560 6d8292 10558->10560 10559->10560 10561 6d8251 10559->10561 10562 6d82a1 10560->10562 10564 6d8f40 RtlAllocateHeap 10560->10564 10587 6d9280 10561->10587 10562->10038 10564->10562 10565 6d825a 10565->10038 10567 6d908e 10566->10567 10568 6d8f6b 10566->10568 10569 6d9270 RtlAllocateHeap 10567->10569 10572 6d8fdc 10568->10572 10573 6d8fb2 10568->10573 10570 6d9093 10569->10570 10571 6c2480 RtlAllocateHeap 10570->10571 10581 6d8fc3 __cftof 10571->10581 10575 6dd3e2 RtlAllocateHeap 10572->10575 10572->10581 10573->10570 10574 6d8fbd 10573->10574 10577 6dd3e2 RtlAllocateHeap 10574->10577 10575->10581 10576 6f6c6a RtlAllocateHeap 10578 6d909d 10576->10578 10577->10581 10579 6d90b8 10578->10579 10582 6c2480 std::_Throw_future_error 10578->10582 10584 6d90be 10578->10584 10580 6dd3e2 RtlAllocateHeap 10579->10580 10580->10584 10581->10576 10583 6d904c shared_ptr __cftof 10581->10583 10585 6f38af ___std_exception_copy RtlAllocateHeap 10582->10585 10583->10027 10584->10027 10586 6c24c3 10585->10586 10586->10027 10588 6d9294 10587->10588 10591 6d92a5 __cftof 10588->10591 10592 6d94e0 10588->10592 10590 6d932b 10590->10565 10591->10565 10593 6d9619 10592->10593 10594 6d950b 10592->10594 10595 6d9270 RtlAllocateHeap 10593->10595 10598 6d9579 10594->10598 10599 6d9552 10594->10599 10596 6d961e 10595->10596 10597 6c2480 RtlAllocateHeap 10596->10597 10605 6d9563 __cftof 10597->10605 10603 6dd3e2 RtlAllocateHeap 10598->10603 10598->10605 10599->10596 10600 6d955d 10599->10600 10602 6dd3e2 RtlAllocateHeap 10600->10602 10601 6f6c6a RtlAllocateHeap 10604 6d9628 shared_ptr 10601->10604 10602->10605 10603->10605 10604->10590 10605->10601 10606 6d95e1 shared_ptr __cftof 10605->10606 10606->10590 10607 6c4276 10612 6c2410 10607->10612 10611 6c428f 10613 6c2424 10612->10613 10627 6db52d 10613->10627 10616 6c3ce0 10617 6c3d42 10616->10617 10618 6c3d52 10616->10618 10683 6d7d50 10617->10683 10620 6dd3e2 RtlAllocateHeap 10618->10620 10621 6c3d84 
10620->10621 10622 6d7d50 RtlAllocateHeap 10621->10622 10624 6c3e03 10621->10624 10622->10624 10623 6c3e9b shared_ptr 10623->10611 10624->10623 10625 6f6c6a RtlAllocateHeap 10624->10625 10626 6c3ec1 10625->10626 10635 6f3aed 10627->10635 10629 6c242a 10629->10616 10630 6db5a5 ___std_exception_copy 10642 6db1ad 10630->10642 10631 6db598 10638 6daf56 10631->10638 10646 6f4f29 10635->10646 10639 6daf9f ___std_exception_copy 10638->10639 10640 6dafb2 shared_ptr 10639->10640 10659 6db39f 10639->10659 10640->10629 10643 6db1d8 10642->10643 10645 6db1e1 shared_ptr 10642->10645 10644 6db39f 5 API calls 10643->10644 10644->10645 10645->10629 10654 6f4f37 10646->10654 10648 6db555 10648->10629 10648->10630 10648->10631 10649 6f4f2e __cftof 10649->10648 10650 6fd634 __cftof 4 API calls 10649->10650 10653 6f8bfc __cftof 10649->10653 10650->10653 10651 6f65ed __cftof 3 API calls 10652 6f8c2f 10651->10652 10653->10651 10655 6f4f40 10654->10655 10657 6f4f43 10654->10657 10655->10649 10656 6f4f77 10656->10649 10657->10656 10658 6f8ba3 ___std_exception_copy RtlAllocateHeap 10657->10658 10658->10656 10670 6dbedf 10659->10670 10662 6db3e8 10662->10640 10679 6dcc31 10670->10679 10673 6f6cbb 10674 6f6cc7 __dosmaperr 10673->10674 10675 6fa671 __cftof 4 API calls 10674->10675 10677 6f6ccc 10675->10677 10676 6f8bec __cftof 4 API calls 10678 6f6cf6 10676->10678 10677->10676 10680 6dcc3f InitOnceExecuteOnce 10679->10680 10682 6db3e1 10679->10682 10680->10682 10682->10662 10682->10673 10684 6d7dcb 10683->10684 10685 6d7d62 10683->10685 10688 6c2480 RtlAllocateHeap 10684->10688 10686 6d7d6d 10685->10686 10687 6d7d9c 10685->10687 10686->10684 10689 6d7d74 10686->10689 10690 6d7db9 10687->10690 10693 6dd3e2 RtlAllocateHeap 10687->10693 10691 6d7d7a 10688->10691 10692 6dd3e2 RtlAllocateHeap 10689->10692 10690->10618 10694 6f6c6a RtlAllocateHeap 10691->10694 10696 6d7d83 10691->10696 10692->10691 10695 6d7da6 10693->10695 10702 6d7dd5 10694->10702 10695->10618 10696->10618 10697 6d7f20 10698 
6d9270 RtlAllocateHeap 10697->10698 10711 6d7e91 __cftof 10698->10711 10699 6d7e01 10699->10618 10700 6f6c6a RtlAllocateHeap 10709 6d7f2a __cftof 10700->10709 10701 6d7f1b 10703 6c2480 RtlAllocateHeap 10701->10703 10702->10697 10702->10699 10702->10701 10704 6d7ea7 10702->10704 10705 6d7e80 10702->10705 10703->10697 10707 6dd3e2 RtlAllocateHeap 10704->10707 10704->10711 10705->10701 10706 6d7e8b 10705->10706 10708 6dd3e2 RtlAllocateHeap 10706->10708 10707->10711 10708->10711 10710 6d7f61 shared_ptr 10709->10710 10713 6f6c6a RtlAllocateHeap 10709->10713 10710->10618 10711->10700 10712 6d7f02 shared_ptr 10711->10712 10712->10618 10714 6d7f7c 10713->10714 10724 6c3c47 10725 6c3c51 10724->10725 10728 6c3c5f 10725->10728 10740 6c32d0 10725->10740 10726 6c3c68 10728->10726 10759 6c3810 10728->10759 10763 6dc6ac 10740->10763 10742 6c336b 10769 6dc26a 10742->10769 10745 6c333c __Mtx_unlock 10746 6dc26a 5 API calls 10745->10746 10748 6c3350 __floor_pentium4 10745->10748 10749 6c3377 10746->10749 10747 6c3314 10747->10742 10747->10745 10766 6dbd4c 10747->10766 10748->10728 10750 6dc6ac GetSystemTimePreciseAsFileTime 10749->10750 10751 6c33af 10750->10751 10752 6dc26a 5 API calls 10751->10752 10753 6c33b6 __Cnd_broadcast 10751->10753 10752->10753 10754 6dc26a 5 API calls 10753->10754 10755 6c33d7 __Mtx_unlock 10753->10755 10754->10755 10756 6dc26a 5 API calls 10755->10756 10757 6c33eb 10755->10757 10758 6c340e 10756->10758 10757->10728 10758->10728 10760 6c381c 10759->10760 10842 6c2440 10760->10842 10773 6dc452 10763->10773 10765 6dc6b9 10765->10747 10790 6dbb72 10766->10790 10768 6dbd5c 10768->10747 10770 6dc292 10769->10770 10771 6dc274 10769->10771 10770->10770 10771->10770 10796 6dc297 10771->10796 10774 6dc47a __floor_pentium4 10773->10774 10775 6dc4a8 10773->10775 10774->10765 10775->10774 10779 6dcf6b 10775->10779 10777 6dc4fd __Xtime_diff_to_millis2 10777->10774 10778 6dcf6b _xtime_get GetSystemTimePreciseAsFileTime 10777->10778 10778->10777 10780 6dcf7a 10779->10780 
10782 6dcf87 __aulldvrm 10779->10782 10780->10782 10783 6dcf44 10780->10783 10782->10777 10786 6dcbea 10783->10786 10787 6dcbfb GetSystemTimePreciseAsFileTime 10786->10787 10788 6dcc07 10786->10788 10787->10788 10788->10782 10791 6dbb9c 10790->10791 10792 6dcf6b _xtime_get GetSystemTimePreciseAsFileTime 10791->10792 10795 6dbba4 __Xtime_diff_to_millis2 __floor_pentium4 10791->10795 10793 6dbbcf __Xtime_diff_to_millis2 10792->10793 10794 6dcf6b _xtime_get GetSystemTimePreciseAsFileTime 10793->10794 10793->10795 10794->10795 10795->10768 10801 6c2ae0 10796->10801 10798 6dc2ae 10808 6dc1ff 10798->10808 10800 6dc2bf std::_Throw_future_error 10802 6dbedf InitOnceExecuteOnce 10801->10802 10803 6c2af4 __dosmaperr 10802->10803 10803->10798 10804 6fa671 __cftof 4 API calls 10803->10804 10807 6f6ccc 10804->10807 10805 6f8bec __cftof 4 API calls 10806 6f6cf6 10805->10806 10807->10805 10809 6dc20b __EH_prolog3_GS 10808->10809 10810 6d80c0 RtlAllocateHeap 10809->10810 10811 6dc23d 10810->10811 10816 6c26b0 10811->10816 10813 6dc252 10833 6d7970 10813->10833 10815 6dc25a 10815->10800 10817 6d7a00 RtlAllocateHeap 10816->10817 10818 6c2702 10817->10818 10819 6c2725 10818->10819 10820 6d8f40 RtlAllocateHeap 10818->10820 10821 6d8f40 RtlAllocateHeap 10819->10821 10822 6c278e 10819->10822 10820->10819 10821->10822 10823 6c27ed shared_ptr 10822->10823 10825 6c28b8 10822->10825 10824 6f38af ___std_exception_copy RtlAllocateHeap 10823->10824 10828 6c284b 10824->10828 10827 6f6c6a RtlAllocateHeap 10825->10827 10826 6c287a shared_ptr __floor_pentium4 10826->10813 10827->10828 10828->10826 10829 6f6c6a RtlAllocateHeap 10828->10829 10830 6c28c2 10829->10830 10838 6f3912 10830->10838 10832 6c28e5 shared_ptr 10832->10813 10834 6d797b 10833->10834 10835 6d7996 shared_ptr 10833->10835 10834->10835 10836 6f6c6a RtlAllocateHeap 10834->10836 10835->10815 10837 6d79ba 10836->10837 10839 6f391f 10838->10839 10840 6f3926 10838->10840 10841 6f8ba3 ___std_exception_copy RtlAllocateHeap 10839->10841 
10840->10832 10841->10840 10845 6db5d6 10842->10845 10844 6c2472 10846 6db5f1 std::_Throw_future_error 10845->10846 10847 6f8bec __cftof 4 API calls 10846->10847 10849 6db658 __cftof __floor_pentium4 10846->10849 10848 6db69f 10847->10848 10849->10844 10850 6f6a44 10851 6f6a5c 10850->10851 10852 6f6a52 10850->10852 10868 6f698d 10851->10868 10863 6fb655 10852->10863 10855 6f6a59 10856 6f6a76 10871 6f68ed 10856->10871 10859 6fb655 RtlAllocateHeap 10860 6f6a8a 10859->10860 10861 6f6aa8 10860->10861 10862 6fadf5 __freea RtlAllocateHeap 10860->10862 10862->10861 10865 6fb662 10863->10865 10864 6fb679 10864->10855 10865->10864 10874 6f75c0 10865->10874 10869 6f690a __cftof 4 API calls 10868->10869 10870 6f699f 10869->10870 10870->10856 10882 6f683b 10871->10882 10879 6f75e3 10874->10879 10876 6f75cb __dosmaperr 10877 6f75f6 __dosmaperr RtlAllocateHeap 10876->10877 10878 6f75de 10877->10878 10878->10855 10880 6fa7c8 __dosmaperr RtlAllocateHeap 10879->10880 10881 6f75e8 10880->10881 10881->10876 10883 6f6849 10882->10883 10884 6f6863 10882->10884 10895 6f69cc 10883->10895 10886 6f686a 10884->10886 10888 6f6889 __cftof 10884->10888 10894 6f6853 10886->10894 10899 6f69e6 10886->10899 10889 6f689f __cftof 10888->10889 10890 6f69e6 RtlAllocateHeap 10888->10890 10891 6f75c0 __dosmaperr RtlAllocateHeap 10889->10891 10889->10894 10890->10889 10892 6f68ab 10891->10892 10893 6f75f6 __dosmaperr RtlAllocateHeap 10892->10893 10893->10894 10894->10859 10894->10860 10896 6f69d7 10895->10896 10897 6f69df 10895->10897 10898 6fadf5 __freea RtlAllocateHeap 10896->10898 10897->10894 10898->10897 10900 6f69cc RtlAllocateHeap 10899->10900 10901 6f69f4 10900->10901 10904 6f6a25 10901->10904 10905 6fb04b __cftof RtlAllocateHeap 10904->10905 10906 6f6a05 10905->10906 10906->10894 10935 6c3840 10936 6c38f6 10935->10936 10941 6c385f 10935->10941 10937 6c3920 10945 6d91e0 10937->10945 10939 6c3925 10940 6d7d50 RtlAllocateHeap 10940->10936 10941->10936 10941->10937 10942 6c38cd shared_ptr 
10941->10942 10943 6c391b 10941->10943 10942->10940 10944 6f6c6a RtlAllocateHeap 10943->10944 10944->10937 10946 6dc1b9 RtlAllocateHeap 10945->10946 10947 6d91ea 10946->10947 10947->10939 10948 6c3440 10953 6c2b30 10948->10953 10950 6c344f std::_Throw_future_error 10951 6f38af ___std_exception_copy RtlAllocateHeap 10950->10951 10952 6c3483 10951->10952 10954 6f38af ___std_exception_copy RtlAllocateHeap 10953->10954 10955 6c2b68 __floor_pentium4 10954->10955 10955->10950 9703 6ca856 9704 6ca870 9703->9704 9711 6ca892 shared_ptr 9703->9711 9705 6ca94e 9704->9705 9704->9711 9707 6ca953 Sleep CreateMutexA 9705->9707 9727 6f6c6a 9705->9727 9710 6ca98e 9707->9710 9709 6ca903 9712 6d80c0 9711->9712 9715 6d8104 9712->9715 9716 6d80de 9712->9716 9713 6d81ee 9735 6d9270 9713->9735 9715->9713 9718 6d817d 9715->9718 9719 6d8158 9715->9719 9716->9709 9717 6d81f3 9738 6c2480 9717->9738 9723 6dd3e2 RtlAllocateHeap 9718->9723 9724 6d8169 __cftof 9718->9724 9719->9717 9730 6dd3e2 9719->9730 9723->9724 9725 6f6c6a RtlAllocateHeap 9724->9725 9726 6d81d0 shared_ptr 9724->9726 9725->9713 9726->9709 9728 6f6bf6 __cftof RtlAllocateHeap 9727->9728 9729 6f6c79 __cftof 9728->9729 9731 6c2480 __dosmaperr ___std_exception_copy std::_Throw_future_error 9730->9731 9734 6dd401 std::_Throw_future_error 9731->9734 9742 6f38af 9731->9742 9734->9724 9831 6dc1b9 9735->9831 9739 6c248e std::_Throw_future_error 9738->9739 9740 6f38af ___std_exception_copy RtlAllocateHeap 9739->9740 9741 6c24c3 9740->9741 9744 6f38bc ___std_exception_copy 9742->9744 9747 6c24c3 9742->9747 9743 6f38e9 9757 6f8ba3 9743->9757 9744->9743 9744->9747 9748 6fa1f1 9744->9748 9747->9724 9749 6fa1fe 9748->9749 9751 6fa20c 9748->9751 9749->9751 9755 6fa223 9749->9755 9760 6f75f6 9751->9760 9752 6fa214 9763 6f6c5a 9752->9763 9754 6fa21e 9754->9743 9755->9754 9756 6f75f6 __dosmaperr RtlAllocateHeap 9755->9756 9756->9752 9758 6fadf5 __freea RtlAllocateHeap 9757->9758 9759 6f8bbb 9758->9759 9759->9747 9766 6fa7c8 9760->9766 9825 
6f6bf6 9763->9825 9765 6f6c66 9765->9754 9767 6fa7d2 __dosmaperr 9766->9767 9769 6f75fb 9767->9769 9777 6fd82f 9767->9777 9769->9752 9770 6fa813 __dosmaperr 9771 6fa853 9770->9771 9772 6fa81b __dosmaperr 9770->9772 9785 6fa49f 9771->9785 9781 6fadf5 9772->9781 9776 6fadf5 __freea RtlAllocateHeap 9776->9769 9778 6fd83c __dosmaperr 9777->9778 9779 6fd87a __dosmaperr 9778->9779 9780 6fd867 RtlAllocateHeap 9778->9780 9779->9770 9780->9778 9780->9779 9782 6fae00 9781->9782 9784 6fae1b __dosmaperr 9781->9784 9783 6f75f6 __dosmaperr RtlAllocateHeap 9782->9783 9782->9784 9783->9784 9784->9769 9786 6fa50d __dosmaperr 9785->9786 9789 6fa445 9786->9789 9788 6fa536 9788->9776 9790 6fa451 __dosmaperr 9789->9790 9793 6fa626 9790->9793 9792 6fa473 __dosmaperr 9792->9788 9794 6fa65c __dosmaperr 9793->9794 9795 6fa635 __dosmaperr 9793->9795 9794->9792 9795->9794 9797 6ff35f 9795->9797 9802 6ff375 9797->9802 9819 6ff3df 9797->9819 9798 6ff4d0 __dosmaperr RtlAllocateHeap 9821 6ff43b 9798->9821 9799 6fadf5 __freea RtlAllocateHeap 9801 6ff401 9799->9801 9800 6ff3a8 9803 6ff3ca 9800->9803 9811 6fadf5 __freea RtlAllocateHeap 9800->9811 9804 6fadf5 __freea RtlAllocateHeap 9801->9804 9802->9800 9806 6fadf5 __freea RtlAllocateHeap 9802->9806 9802->9819 9805 6fadf5 __freea RtlAllocateHeap 9803->9805 9807 6ff414 9804->9807 9808 6ff3d4 9805->9808 9810 6ff39d 9806->9810 9812 6fadf5 __freea RtlAllocateHeap 9807->9812 9813 6fadf5 __freea RtlAllocateHeap 9808->9813 9809 6ff49b 9814 6fadf5 __freea RtlAllocateHeap 9809->9814 9815 6fef3c ___free_lconv_mon RtlAllocateHeap 9810->9815 9817 6ff3bf 9811->9817 9818 6ff422 9812->9818 9813->9819 9820 6ff4a1 9814->9820 9815->9800 9816 6fadf5 RtlAllocateHeap __freea 9816->9821 9822 6ff03a __dosmaperr RtlAllocateHeap 9817->9822 9823 6fadf5 __freea RtlAllocateHeap 9818->9823 9819->9799 9824 6ff42d 9819->9824 9820->9794 9821->9809 9821->9816 9822->9803 9823->9824 9824->9798 9826 6fa7c8 __dosmaperr RtlAllocateHeap 9825->9826 9828 6f6c01 __cftof 9826->9828 9827 
6f6c0f 9827->9765 9828->9827 9829 6f6bf6 __cftof RtlAllocateHeap 9828->9829 9830 6f6c66 9829->9830 9830->9765 9834 6dc123 9831->9834 9833 6dc1ca std::_Throw_future_error 9837 6c22e0 9834->9837 9836 6dc135 9836->9833 9838 6f38af ___std_exception_copy RtlAllocateHeap 9837->9838 9839 6c2317 __floor_pentium4 9838->9839 9839->9836 10976 6dbe50 10979 6dbd8b 10976->10979 10978 6dbe66 std::_Throw_future_error 10980 6c22e0 std::future_error::future_error RtlAllocateHeap 10979->10980 10981 6dbd9f 10980->10981 10981->10978 9683 6fd82f 9684 6fd83c __dosmaperr 9683->9684 9685 6fd87a __dosmaperr 9684->9685 9686 6fd867 RtlAllocateHeap 9684->9686 9686->9684 9686->9685 9687 6f6629 9690 6f64c7 9687->9690 9691 6f64d5 __cftof 9690->9691 9692 6f6520 9691->9692 9695 6f652b 9691->9695 9694 6f652a 9701 6fa302 GetPEB 9695->9701 9697 6f6535 9698 6f653a GetPEB 9697->9698 9699 6f654a __cftof 9697->9699 9698->9699 9700 6f6562 ExitProcess 9699->9700 9702 6fa31c __cftof 9701->9702 9702->9697 11007 6c1020 11008 6d80c0 RtlAllocateHeap 11007->11008 11009 6c1031 11008->11009 11010 6dd64e RtlAllocateHeap 11009->11010 11011 6c103b 11010->11011 11058 6c2e00 11059 6c2e28 11058->11059 11062 6dc68b 11059->11062 11065 6dc3d5 11062->11065 11064 6c2e33 11066 6dc3e1 11065->11066 11067 6dc3eb 11065->11067 11068 6dc3be 11066->11068 11070 6dc39e 11066->11070 11067->11064 11078 6dcd0a 11068->11078 11070->11067 11074 6dccd5 11070->11074 11071 6dc3d0 11071->11064 11075 6dc3b7 11074->11075 11076 6dcce3 InitializeCriticalSectionEx 11074->11076 11075->11064 11076->11075 11079 6dcd1f RtlInitializeConditionVariable 11078->11079 11079->11071 11080 6c1000 11081 6dd64e RtlAllocateHeap 11080->11081 11082 6c100a 11081->11082 11093 6ca418 11094 6ca420 shared_ptr 11093->11094 11095 6ca93f 11094->11095 11096 6ca4f3 shared_ptr 11094->11096 11097 6f6c6a RtlAllocateHeap 11095->11097 11100 6d80c0 RtlAllocateHeap 11096->11100 11098 6ca944 11097->11098 11099 6f6c6a RtlAllocateHeap 11098->11099 11101 6ca949 11099->11101 11102 6ca903 
11100->11102 11103 6ca94e 11101->11103 11104 6f6c6a RtlAllocateHeap 11101->11104 11105 6ca953 Sleep CreateMutexA 11103->11105 11106 6f6c6a RtlAllocateHeap 11103->11106 11104->11103 11107 6ca98e 11105->11107 11106->11105 11114 7044f2 11115 70450c 11114->11115 11116 7044ff 11114->11116 11118 704518 11115->11118 11119 6f75f6 __dosmaperr RtlAllocateHeap 11115->11119 11117 6f75f6 __dosmaperr RtlAllocateHeap 11116->11117 11120 704504 11117->11120 11121 704539 11119->11121 11122 6f6c5a __cftof RtlAllocateHeap 11121->11122 11122->11120 11123 6c6ae9 11126 6c6b01 11123->11126 11124 6d80c0 RtlAllocateHeap 11125 6c6bac 11124->11125 11127 6d9280 RtlAllocateHeap 11125->11127 11126->11124 11128 6c6bbd shared_ptr 11126->11128 11127->11128 11129 6d80c0 RtlAllocateHeap 11128->11129 11130 6c6ce3 shared_ptr __floor_pentium4 11129->11130 11179 6d9ef0 11180 6d9f0c 11179->11180 11181 6dc68b __Mtx_init_in_situ 2 API calls 11180->11181 11182 6d9f17 11181->11182 11183 6dd0c7 11185 6dd0d6 11183->11185 11184 6dd17f 11185->11184 11186 6dd17b RtlWakeAllConditionVariable 11185->11186 11202 6ce0c0 recv 11203 6ce122 recv 11202->11203 11204 6ce157 recv 11203->11204 11205 6ce191 11204->11205 11206 6ce2b3 __floor_pentium4 11205->11206 11207 6dc6ac GetSystemTimePreciseAsFileTime 11205->11207 11208 6ce2ee 11207->11208 11209 6dc26a 5 API calls 11208->11209 11210 6ce358 11209->11210 11211 6c2ec0 11212 6c2f7e GetCurrentThreadId 11211->11212 11213 6c2f06 11211->11213 11214 6c2f94 11212->11214 11233 6c2fef 11212->11233 11215 6dc6ac GetSystemTimePreciseAsFileTime 11213->11215 11221 6dc6ac GetSystemTimePreciseAsFileTime 11214->11221 11214->11233 11216 6c2f12 11215->11216 11217 6c2f1d 11216->11217 11218 6c301e 11216->11218 11222 6dd3e2 RtlAllocateHeap 11217->11222 11223 6c2f30 __Mtx_unlock 11217->11223 11219 6dc26a 5 API calls 11218->11219 11220 6c3024 11219->11220 11224 6dc26a 5 API calls 11220->11224 11225 6c2fb9 11221->11225 11222->11223 11223->11220 11226 6c2f6f 11223->11226 11224->11225 11227 6dc26a 5 API 
calls 11225->11227 11228 6c2fc0 __Mtx_unlock 11225->11228 11226->11212 11226->11233 11227->11228 11229 6dc26a 5 API calls 11228->11229 11230 6c2fd8 __Cnd_broadcast 11228->11230 11229->11230 11231 6dc26a 5 API calls 11230->11231 11230->11233 11232 6c303c 11231->11232 11234 6dc6ac GetSystemTimePreciseAsFileTime 11232->11234 11242 6c3080 shared_ptr __Mtx_unlock 11234->11242 11235 6c31c5 11236 6dc26a 5 API calls 11235->11236 11237 6c31cb 11236->11237 11238 6dc26a 5 API calls 11237->11238 11239 6c31d1 11238->11239 11240 6dc26a 5 API calls 11239->11240 11248 6c3193 __Mtx_unlock 11240->11248 11241 6c31a7 __floor_pentium4 11242->11235 11242->11237 11242->11241 11245 6c3132 GetCurrentThreadId 11242->11245 11243 6dc26a 5 API calls 11244 6c31dd 11243->11244 11245->11241 11246 6c313b 11245->11246 11246->11241 11247 6dc6ac GetSystemTimePreciseAsFileTime 11246->11247 11249 6c315f 11247->11249 11248->11241 11248->11243 11249->11235 11249->11239 11249->11248 11250 6dbd4c GetSystemTimePreciseAsFileTime 11249->11250 11250->11249 11281 6c9adc 11282 6c9aea 11281->11282 11286 6c9afe shared_ptr 11281->11286 11283 6ca917 11282->11283 11282->11286 11284 6ca953 Sleep CreateMutexA 11283->11284 11285 6f6c6a RtlAllocateHeap 11283->11285 11287 6ca98e 11284->11287 11285->11284 11288 6d7a00 RtlAllocateHeap 11286->11288 11289 6c9b74 11288->11289 11290 6c5c10 4 API calls 11289->11290 11291 6c9b7c 11290->11291 11304 6c8b30 11291->11304 11293 6c9b8d 11294 6d8220 RtlAllocateHeap 11293->11294 11295 6c9b9c 11294->11295 11296 6d7a00 RtlAllocateHeap 11295->11296 11297 6c9ca9 11296->11297 11298 6c5c10 4 API calls 11297->11298 11299 6c9cb1 11298->11299 11300 6c8b30 4 API calls 11299->11300 11301 6c9cc2 11300->11301 11302 6d8220 RtlAllocateHeap 11301->11302 11303 6c9cd1 11302->11303 11305 6c8b7c 11304->11305 11306 6d7a00 RtlAllocateHeap 11305->11306 11307 6c8b8c 11306->11307 11308 6c5c10 4 API calls 11307->11308 11309 6c8b97 11308->11309 11310 6d80c0 RtlAllocateHeap 11309->11310 11311 6c8be3 11310->11311 
11312 6d80c0 RtlAllocateHeap 11311->11312 11313 6c8c35 11312->11313 11314 6d8220 RtlAllocateHeap 11313->11314 11317 6c8c47 shared_ptr 11314->11317 11315 6c8d01 shared_ptr __floor_pentium4 11315->11293 11316 6f6c6a RtlAllocateHeap 11318 6c8d2d 11316->11318 11317->11315 11317->11316 11319 6d7a00 RtlAllocateHeap 11318->11319 11320 6c8d8f 11319->11320 11321 6c5c10 4 API calls 11320->11321 11322 6c8d9a 11321->11322 11323 6d80c0 RtlAllocateHeap 11322->11323 11324 6c8dec 11323->11324 11325 6d8220 RtlAllocateHeap 11324->11325 11327 6c8dfe shared_ptr 11325->11327 11326 6c8e7e shared_ptr __floor_pentium4 11326->11293 11327->11326 11328 6f6c6a RtlAllocateHeap 11327->11328 11329 6c8eaa 11328->11329 11330 6d7a00 RtlAllocateHeap 11329->11330 11331 6c8f0f 11330->11331 11332 6c5c10 4 API calls 11331->11332 11333 6c8f1a 11332->11333 11334 6d80c0 RtlAllocateHeap 11333->11334 11335 6c8f6c 11334->11335 11336 6d8220 RtlAllocateHeap 11335->11336 11338 6c8f7e shared_ptr 11336->11338 11337 6c8ffe shared_ptr __floor_pentium4 11337->11293 11338->11337 11339 6f6c6a RtlAllocateHeap 11338->11339 11340 6c902a 11339->11340 11341 6c5cad 11343 6c5caf 11341->11343 11342 6c5d17 shared_ptr __floor_pentium4 11343->11342 11344 6f6c6a RtlAllocateHeap 11343->11344 11345 6c5d47 __cftof 11344->11345 11346 6d80c0 RtlAllocateHeap 11345->11346 11348 6c5e3e 11346->11348 11347 6c5ea6 shared_ptr __floor_pentium4 11348->11347 11349 6f6c6a RtlAllocateHeap 11348->11349 11350 6c5ed2 11349->11350 11351 6c5ffe shared_ptr __floor_pentium4 11350->11351 11352 6f6c6a RtlAllocateHeap 11350->11352 11353 6c601b 11352->11353 11354 6d80c0 RtlAllocateHeap 11353->11354 11355 6c6089 11354->11355 11356 6d80c0 RtlAllocateHeap 11355->11356 11357 6c60bd 11356->11357 11358 6d80c0 RtlAllocateHeap 11357->11358 11359 6c60ee 11358->11359 11360 6d80c0 RtlAllocateHeap 11359->11360 11361 6c611f 11360->11361 11362 6d80c0 RtlAllocateHeap 11361->11362 11364 6c6150 11362->11364 11363 6c65b1 shared_ptr __floor_pentium4 11364->11363 11365 6f6c6a 
RtlAllocateHeap 11364->11365 11366 6c65dc 11365->11366 11367 6d7a00 RtlAllocateHeap 11366->11367 11368 6c66a6 11367->11368 11369 6c5c10 4 API calls 11368->11369 11370 6c66ac 11369->11370 11371 6c5c10 4 API calls 11370->11371 11372 6c66b1 11371->11372 11373 6c22c0 4 API calls 11372->11373 11374 6c66c9 shared_ptr 11373->11374 11375 6d7a00 RtlAllocateHeap 11374->11375 11376 6c6732 11375->11376 11377 6c5c10 4 API calls 11376->11377 11378 6c673d 11377->11378 11379 6c22c0 4 API calls 11378->11379 11388 6c6757 shared_ptr 11379->11388 11380 6c6852 11381 6d80c0 RtlAllocateHeap 11380->11381 11383 6c689c 11381->11383 11382 6d7a00 RtlAllocateHeap 11382->11388 11384 6d80c0 RtlAllocateHeap 11383->11384 11387 6c68e3 shared_ptr __floor_pentium4 11384->11387 11385 6c5c10 4 API calls 11385->11388 11386 6c22c0 4 API calls 11386->11388 11388->11380 11388->11382 11388->11385 11388->11386 11429 6c20a0 11430 6dc68b __Mtx_init_in_situ 2 API calls 11429->11430 11431 6c20ac 11430->11431 11432 6dd64e RtlAllocateHeap 11431->11432 11433 6c20b6 11432->11433 11434 6c34a0 11435 6c34aa 11434->11435 11436 6c34ca shared_ptr 11434->11436 11435->11436 11437 6f6c6a RtlAllocateHeap 11435->11437 11438 6c34f2 Concurrency::cancel_current_task shared_ptr 11437->11438 11439 6c9ab8 11441 6c9acc 11439->11441 11442 6c9b08 11441->11442 11443 6d7a00 RtlAllocateHeap 11442->11443 11444 6c9b74 11443->11444 11445 6c5c10 4 API calls 11444->11445 11446 6c9b7c 11445->11446 11447 6c8b30 4 API calls 11446->11447 11448 6c9b8d 11447->11448 11449 6d8220 RtlAllocateHeap 11448->11449 11450 6c9b9c 11449->11450 11451 6d7a00 RtlAllocateHeap 11450->11451 11452 6c9ca9 11451->11452 11453 6c5c10 4 API calls 11452->11453 11454 6c9cb1 11453->11454 11455 6c8b30 4 API calls 11454->11455 11456 6c9cc2 11455->11456 11457 6d8220 RtlAllocateHeap 11456->11457 11458 6c9cd1 11457->11458 11459 6c42b0 11462 6c3ac0 11459->11462 11461 6c42bb shared_ptr 11463 6c3af9 11462->11463 11464 6f6c6a RtlAllocateHeap 11463->11464 11469 6c3b39 
__Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 11463->11469 11465 6c3be6 11464->11465 11467 6c32d0 6 API calls 11465->11467 11468 6c3c38 11465->11468 11466 6c32d0 6 API calls 11471 6c3c5f 11466->11471 11467->11468 11468->11466 11468->11471 11469->11461 11470 6c3c68 11470->11461 11471->11470 11472 6c3810 4 API calls 11471->11472 11473 6c3cdb 11472->11473 11474 6d7d50 RtlAllocateHeap 11473->11474 11475 6c3d52 11473->11475 11474->11475 11476 6dd3e2 RtlAllocateHeap 11475->11476 11477 6c3d84 11476->11477 11478 6d7d50 RtlAllocateHeap 11477->11478 11480 6c3e03 11477->11480 11478->11480 11479 6c3e9b shared_ptr 11479->11461 11480->11479 11481 6f6c6a RtlAllocateHeap 11480->11481 11482 6c3ec1 11481->11482 11483 6c3c8e 11484 6c3c98 11483->11484 11485 6c3cb4 11484->11485 11486 6c2410 5 API calls 11484->11486 11489 6c3810 4 API calls 11485->11489 11487 6c3ca5 11486->11487 11488 6c3ce0 RtlAllocateHeap 11487->11488 11488->11485 11490 6c3ccf 11489->11490 11491 6c3810 4 API calls 11490->11491 11492 6c3cdb 11491->11492 11493 6c3d52 11492->11493 11494 6d7d50 RtlAllocateHeap 11492->11494 11495 6dd3e2 RtlAllocateHeap 11493->11495 11494->11493 11496 6c3d84 11495->11496 11497 6d7d50 RtlAllocateHeap 11496->11497 11499 6c3e03 11496->11499 11497->11499 11498 6c3e9b shared_ptr 11499->11498 11500 6f6c6a RtlAllocateHeap 11499->11500 11501 6c3ec1 11500->11501 11542 6d8680 11543 6d86e0 11542->11543 11543->11543 11551 6d7760 11543->11551 11545 6d86f9 11546 6d8f40 RtlAllocateHeap 11545->11546 11547 6d8714 11545->11547 11546->11547 11548 6d8f40 RtlAllocateHeap 11547->11548 11550 6d8769 11547->11550 11549 6d87b1 11548->11549 11552 6d7864 shared_ptr __cftof 11551->11552 11554 6d777b 11551->11554 11552->11545 11553 6d77fb __cftof 11553->11552 11564 6f6c6a RtlAllocateHeap 11553->11564 11554->11552 11554->11553 11555 6d78f1 11554->11555 11559 6d7811 11554->11559 11561 6d77ea 11554->11561 11556 6d9270 RtlAllocateHeap 11555->11556 11557 6d78f6 11556->11557 11558 6c2480 RtlAllocateHeap 11557->11558 

Control-flow Graph

APIs
• ExitProcess.KERNEL32(?,?,006F652A,?,?,?,?,?,006F7661), ref: 006F6567
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                                                                                                                                            • Opcode ID: ff46d25bd147a99f3d158511e66d8a4b544e7e735223f82c3bc42eebdba84b0d
                                                                                                                                                                                                                                                                            • Instruction ID: c07191f7f6f1ade0492c23311caca0a228ce47fc30e5ba870f1018aaf4f9ef83
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff46d25bd147a99f3d158511e66d8a4b544e7e735223f82c3bc42eebdba84b0d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28E0863114110C6FCE65BB59C84D9A83B1AEF11749F005818FA0C56222CB25ED41C641

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000064), ref: 006CA963
                                                                                                                                                                                                                                                                            • CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137610422.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137628319.0000000000895000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137648601.00000000008AB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137684076.00000000008BC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137701715.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137718496.00000000008BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137735132.00000000008BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137751253.00000000008C0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137767245.00000000008C2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: 8a9bd23594f7c1252bd9d69d9ccfc2768dd72fa13a87d933a734e4241e9aa996
• Instruction ID: 702ccab9038b9a121d9989de8e1b81c5217279b5591477e22b3cc89b184b7477
• Opcode Fuzzy Hash: 8a9bd23594f7c1252bd9d69d9ccfc2768dd72fa13a87d933a734e4241e9aa996
• Instruction Fuzzy Hash: 3D312971B002089BEB189B78DC8DBFDB6A3EB81314F20825DE014973D5C77589818665

Control-flow Graph (rendered as an image in the report; legend: Executed / Not Executed). Basic blocks span 0x6c9f44 to 0x6ca9a8. Block 0x6ca029-0x6ca916 calls 0x6d80c0, block 0x6ca92b calls 0x6f6c6a, and block 0x6ca953-0x6ca994 holds the Sleep and CreateMutexA calls; several small argument-checking blocks call 0x6dd663 before falling through to the larger blocks.
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: 27c8620d6b8fdadd6dc9b73ed2b45ff2514e3437ef97458bb92e1d71763a1aad
• Instruction ID: 892d1350f4fa8b1ec6486e595d5d8e68868b9e1ceaabc7c254f08dd3cee0cd6d
• Opcode Fuzzy Hash: 27c8620d6b8fdadd6dc9b73ed2b45ff2514e3437ef97458bb92e1d71763a1aad
• Instruction Fuzzy Hash: 0E312A71B101489BEB189BA8D88DFFCB763EB86314F20865DE018D73D1C73589818766
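The APIs list above records a Sleep(0x64) followed by CreateMutexA(NULL, FALSE, lpName), the usual single-instance gate of a loader. The trace logs only the raw argument values, so the mutex name is not in it: 0x00723254 is a pointer into the image mapped at 0x6C0000 and has to be read from the associated dump region that covers it. The following parser, added here as an example and not part of the Joe Sandbox report or of its code, turns such API lines into records, flags the Sleep-then-CreateMutex sequence, and shows why the "String ID: T2r" above should be checked against the dump before being taken as the mutex name: the little-endian bytes of the pointer value 0x00723254 (54 32 72 00) read as the ASCII string "T2r". The two sample lines are copied from the APIs list above; the function names and the gate heuristic are this example's own assumptions.

```python
"""Parse the 'APIs' lines of a Joe Sandbox function entry and flag the
Sleep -> CreateMutexA sequence seen in the skotes.exe function at 0x6ca079.

Added example for this report page; it is not Joe Sandbox code. The two
sample lines are copied from the report; the function names, the 'gate'
heuristic and the pointer-to-ASCII check are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the two APIs lines from the function entry above.
SAMPLE_TRACE = """
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
"""

# Joe Sandbox API line shape: "<api>.<module>(<hex args>), ref: <hex call site>"
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),"
    r"\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[int, ...]   # raw 32-bit argument values exactly as logged
    ref: int                # address of the call site inside the dumped image


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Return an ApiCall for a well-formed line, None for anything else."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = tuple(int(a, 16) for a in m.group("args").split(",") if a.strip())
    return ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16))


def parse_trace(text: str) -> List[ApiCall]:
    """Parse every line of an APIs block, silently skipping non-API lines."""
    return [c for c in (parse_api_line(l) for l in text.splitlines()) if c]


def pointer_as_ascii(value: int) -> str:
    """Render the little-endian bytes of a 32-bit value as ASCII up to the
    first NUL. Spots 'strings' that are really pointer values: 0x00723254
    is the bytes 54 32 72 00, i.e. 'T2r'."""
    out = []
    for b in value.to_bytes(4, "little"):
        if b == 0:
            break
        out.append(chr(b) if 0x20 <= b < 0x7F else ".")
    return "".join(out)


def find_mutex_gate(calls: List[ApiCall]) -> Optional[Tuple[int, int]]:
    """Heuristic (this example's own): a Sleep followed later in the same
    function by CreateMutexA/W with its three arguments. Returns
    (sleep_ms, lpName_pointer). The name itself is not in the trace; read
    the NUL-terminated string at lpName_pointer from the memory dump."""
    for i, c in enumerate(calls):
        if c.api == "Sleep" and c.args:
            for later in calls[i + 1:]:
                if later.api in ("CreateMutexA", "CreateMutexW") and len(later.args) == 3:
                    return c.args[0], later.args[2]
    return None


def describe(text: str) -> str:
    """One-line summary of the gate, or a note that none was found."""
    calls = parse_trace(text)
    gate = find_mutex_gate(calls)
    if gate is None:
        return "no Sleep -> CreateMutex sequence"
    sleep_ms, name_ptr = gate
    return (f"Sleep({sleep_ms} ms) then CreateMutex with lpName=0x{name_ptr:08X} "
            f"(pointer bytes read as ASCII: {pointer_as_ascii(name_ptr)!r})")


if __name__ == "__main__":
    print(describe(SAMPLE_TRACE))
```

To recover the real mutex name, take the associated dump whose base covers 0x00723254 (the 0x722000 region listed under Memory Dump Source for this function) and read the NUL-terminated bytes at that offset; the mutex name is the indicator worth hunting for on other hosts, the pointer value is not.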

Control-flow Graph

control_flow_graph 56 6ca079-6ca099 60 6ca09b-6ca0a7 56->60 61 6ca0c7-6ca0e3 56->61 64 6ca0bd-6ca0c4 call 6dd663 60->64 65 6ca0a9-6ca0b7 60->65 62 6ca0e5-6ca0f1 61->62 63 6ca111-6ca130 61->63 67 6ca107-6ca10e call 6dd663 62->67 68 6ca0f3-6ca101 62->68 69 6ca15e-6ca916 call 6d80c0 63->69 70 6ca132-6ca13e 63->70 64->61 65->64 71 6ca930-6ca994 call 6f6c6a Sleep CreateMutexA 65->71 67->63 68->67 68->71 75 6ca154-6ca15b call 6dd663 70->75 76 6ca140-6ca14e 70->76 86 6ca996-6ca998 71->86 87 6ca9a7-6ca9a8 71->87 75->69 76->71 76->75 86->87 88 6ca99a-6ca9a5 86->88 88->87
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
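The control_flow_graph line above is the report's serialized basic-block graph: every block appears as an id and an address range followed by any `call` targets and resolved API names, and every edge as `a->b`. For a function like this one, which reaches Sleep and CreateMutexA through only a few of its blocks, the questions an analyst scripting over many reports asks are which blocks touch a given API, how control gets there from the entry block, and where it branches afterwards. The parser below is an added example, not Joe Sandbox code. Its grammar is inferred from the line itself (a bare address with no `-end`, as in the next function's graph, is taken as a single-address block), the entry heuristic (the block no edge points to, lowest address on ties) is an assumption, and the input is the graph line copied verbatim.

```python
import re
from collections import deque

# Constructed input: the control_flow_graph line of the function at 0x6ca079
# shown above, copied verbatim from the report
CFG_TEXT = (
    "control_flow_graph 56 6ca079-6ca099 60 6ca09b-6ca0a7 56->60 "
    "61 6ca0c7-6ca0e3 56->61 64 6ca0bd-6ca0c4 call 6dd663 60->64 "
    "65 6ca0a9-6ca0b7 60->65 62 6ca0e5-6ca0f1 61->62 63 6ca111-6ca130 61->63 "
    "67 6ca107-6ca10e call 6dd663 62->67 68 6ca0f3-6ca101 62->68 "
    "69 6ca15e-6ca916 call 6d80c0 63->69 70 6ca132-6ca13e 63->70 64->61 65->64 "
    "71 6ca930-6ca994 call 6f6c6a Sleep CreateMutexA 65->71 67->63 68->67 68->71 "
    "75 6ca154-6ca15b call 6dd663 70->75 76 6ca140-6ca14e 70->76 "
    "86 6ca996-6ca998 71->86 87 6ca9a7-6ca9a8 71->87 75->69 76->71 76->75 86->87 "
    "88 6ca99a-6ca9a5 86->88 88->87"
)

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
ADDR_RE = re.compile(r"^[0-9a-fA-F]+(?:-[0-9a-fA-F]+)?$")


def parse_cfg(text):
    """Return ({node_id: {...}}, [(src, dst), ...]) for one control_flow_graph line.

    Grammar assumed from the report's output: a node is '<id> <start>[-<end>]'
    followed by any number of 'call <addr>' or '<ApiName>' labels; an edge is
    '<id>-><id>'. A bare '<start>' (no '-<end>') is a single-address block.
    """
    tokens = text.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    nodes, edges, cur, i = {}, [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE_RE.match(tok)
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            cur = None
            i += 1
        elif tok.isdigit():  # a new node; the next token must be its address
            if i + 1 >= len(tokens) or not ADDR_RE.match(tokens[i + 1]):
                raise ValueError(f"node {tok} has no address at token {i}")
            start, _, end = tokens[i + 1].partition("-")
            cur = int(tok)
            nodes[cur] = {"start": int(start, 16), "end": int(end or start, 16),
                          "calls": [], "apis": []}
            i += 2
        elif cur is None:
            raise ValueError(f"label {tok!r} outside any node")
        elif tok == "call":  # direct call to another function in the image
            nodes[cur]["calls"].append(int(tokens[i + 1], 16))
            i += 2
        else:  # anything else is a resolved API name attached to the block
            nodes[cur]["apis"].append(tok)
            i += 1
    return nodes, edges


def successors(edges):
    succ = {}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
    return succ


def entry_node(nodes, edges):
    # Assumption: the entry block is the one no edge points to; lowest address on ties
    targets = {b for _, b in edges}
    roots = [n for n in nodes if n not in targets] or list(nodes)
    return min(roots, key=lambda n: nodes[n]["start"])


def shortest_path(edges, src, dst):
    """Breadth-first search; returns the block ids src..dst, or None if unreachable."""
    succ = successors(edges)
    prev, queue = {src: None}, deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            break
        for m in succ.get(n, []):
            if m not in prev:
                prev[m] = n
                queue.append(m)
    if dst not in prev:
        return None
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


def summarize(text, api):
    """Locate the blocks that call `api` and how control reaches and leaves them."""
    nodes, edges = parse_cfg(text)
    succ = successors(edges)
    entry = entry_node(nodes, edges)
    hits = sorted(n for n, d in nodes.items() if api in d["apis"])
    return {
        "nodes": len(nodes),
        "edges": len(edges),
        "entry": entry,
        "api_nodes": hits,
        "path": shortest_path(edges, entry, hits[0]) if hits else None,
        "after_api": sorted(succ.get(hits[0], [])) if hits else [],
        "exits": sorted(n for n in nodes if n not in succ),
    }


if __name__ == "__main__":
    s = summarize(CFG_TEXT, "CreateMutexA")
    nodes, _ = parse_cfg(CFG_TEXT)
    print(f"{s['nodes']} blocks, {s['edges']} edges, entry block {s['entry']}")
    print("path to CreateMutexA:",
          " -> ".join(f"{n}@{nodes[n]['start']:x}" for n in s["path"]))
    print("branches after it:", s["after_api"], "exit blocks:", s["exits"])
```

For the graph above this reports 17 blocks and 26 edges, the path 56 -> 60 -> 65 -> 71 from the entry to the block that holds both Sleep and CreateMutexA, and that block branching to 86 and 87. Read no more into the branch than the graph states: the report does not show what is compared after CreateMutexA returns, so whether this is the usual single-instance check on the mutex already existing has to come from the disassembly at 0x6ca996, not from the graph.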
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137610422.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137628319.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137684076.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137701715.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137718496.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137735132.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137751253.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137767245.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
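The dump names in the Memory Dump Source list are dot-separated fields: a process index, a snapshot index, a dump id, the region's base address and four more values. Reading the fifth field as the region's Win32 Protect value and the seventh as its Type is an assumption made here from the values on the page, not something the report documents: 0x04, 0x08, 0x40 and 0x80 are exactly PAGE_READWRITE, PAGE_WRITECOPY, PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY, and 0x01000000 is MEM_IMAGE, which agrees with "based on PE: true". The sixth and eighth fields are left undecoded. The script is an added example, not Joe Sandbox code; its sample input is six names copied from the list above, and because the list carries no sizes, each region's limit is only the base of the next dumped region.

```python
import re
from collections import namedtuple

# Win32 region constants from <winnt.h>. Assumption (inferred from the values on the
# page, not documented by the report): field 5 of a dump name is the region's
# Protect value and field 7 its Type; fields 6 and 8 are left undecoded.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80
WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80

# Constructed sample: six names copied from the Associated list above, deliberately
# out of address order
SAMPLE_DUMPS = [
    "00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmp",
    "00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmp",
    "00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmp",
    "00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmp",
]

SDMP_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)\.([0-9A-Fa-f]+)\.([0-9A-Fa-f]+)\.([0-9A-Fa-f]+)"
    r"\.([0-9A-Fa-f]+)\.([0-9A-Fa-f]+)\.sdmp$"
)
Dump = namedtuple("Dump", "process snapshot dump_id base protect field6 mem_type field8")


def parse_sdmp_name(name):
    """Split one .sdmp file name into its fields; tolerates the 'Download File'
    suffix the HTML report appends when the list is copied out."""
    name = name.strip()
    if name.endswith("Download File"):
        name = name[: -len("Download File")].strip()
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    f = m.groups()
    return Dump(int(f[0]), int(f[1]), int(f[2]), int(f[3], 16), int(f[4], 16),
                int(f[5], 16), int(f[6], 16), int(f[7], 16))


def decode_protect(value):
    """Return (name, executable, writable) for a Protect value; modifier bits such as
    PAGE_GUARD (0x100) sit above the low byte and do not change the base right."""
    base = value & 0xFF
    name = PAGE_PROTECT.get(base, f"0x{base:02x}")
    return name, bool(base & EXEC_MASK), bool(base & WRITE_MASK)


def memory_map(names):
    """Sort the dumps by base and decode each; 'limit' is the next dumped base, only
    an upper bound on the region's extent because the report lists no sizes."""
    dumps = sorted((parse_sdmp_name(n) for n in names), key=lambda d: d.base)
    rows = []
    for i, d in enumerate(dumps):
        name, executable, writable = decode_protect(d.protect)
        rows.append({
            "base": d.base,
            "limit": dumps[i + 1].base if i + 1 < len(dumps) else None,
            "protect": name,
            "wx": executable and writable,
            "type": MEM_TYPE.get(d.mem_type, f"0x{d.mem_type:x}"),
        })
    return rows


def writable_executable(names):
    """Bases of regions that are both writable and executable, which the loader gives
    an image only when a section header asks for it or the process changes it later."""
    return [r["base"] for r in memory_map(names) if r["wx"]]


if __name__ == "__main__":
    for r in memory_map(SAMPLE_DUMPS):
        end = f"{r['limit']:08x}" if r["limit"] is not None else "?"
        flag = "  <-- W+X" if r["wx"] else ""
        print(f"{r['base']:08x}-{end} {r['protect']:<24} {r['type']}{flag}")
```

On the six sample names every dumped range of the 0x6C0000 image except the header page at 0x6C0000 and the PAGE_WRITECOPY page at 0x729000 comes out writable and executable. A PE mapped by the loader normally gets PAGE_EXECUTE_READ on code and PAGE_READWRITE on data, so writable code pages in an image region mean either that the section headers request write access on executable sections or that the process changed the protections after mapping; either way, check the section headers of the dumped image before treating the dump as equivalent to the file on disk.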
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: f3a7b17f7e814734792fa9c954ad1a7bcec41d3d22ad176b236ce6579e2cebeb
• Instruction ID: fbefc458cac274d5fd7746e0699b6e1cd10d4eeedfef52e795871d0568ea4015
• Opcode Fuzzy Hash: f3a7b17f7e814734792fa9c954ad1a7bcec41d3d22ad176b236ce6579e2cebeb
• Instruction Fuzzy Hash: C8314831B111089BEB189BB8DC89FBCB773EB81318F24825DE018977D1C73A99808656

Control-flow Graph

control_flow_graph 90 6ca1ae-6ca1ce 94 6ca1fc-6ca218 90->94 95 6ca1d0-6ca1dc 90->95 96 6ca21a-6ca226 94->96 97 6ca246-6ca265 94->97 98 6ca1de-6ca1ec 95->98 99 6ca1f2-6ca1f9 call 6dd663 95->99 102 6ca23c-6ca243 call 6dd663 96->102 103 6ca228-6ca236 96->103 104 6ca267-6ca273 97->104 105 6ca293-6ca916 call 6d80c0 97->105 98->99 100 6ca935 98->100 99->94 107 6ca953-6ca994 Sleep CreateMutexA 100->107 108 6ca935 call 6f6c6a 100->108 102->97 103->100 103->102 111 6ca289-6ca290 call 6dd663 104->111 112 6ca275-6ca283 104->112 120 6ca996-6ca998 107->120 121 6ca9a7-6ca9a8 107->121 108->107 111->105 112->100 112->111 120->121 122 6ca99a-6ca9a5 120->122 122->121
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000064), ref: 006CA963
                                                                                                                                                                                                                                                                            • CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: f08f86f228fe57dbc04c410951a25b30eaf1b67a9e58a7e5a1b31511d804264f
• Instruction ID: 8b7840d61832e1009b6ba47116172182061b417323d6f3299aab193a83cebf3e
• Opcode Fuzzy Hash: f08f86f228fe57dbc04c410951a25b30eaf1b67a9e58a7e5a1b31511d804264f
• Instruction Fuzzy Hash: ED314831B011089BEB089BFCDC8DFBCB763EB86314F24425DE004973D1C73A8A808656

Control-flow Graph

• Executed
• Not Executed
control_flow_graph (rendered graph not recoverable from the page): basic blocks 6ca418 through 6ca9a8, with calls to 6dd663, 6f6c6a, 6d80c0, Sleep and CreateMutexA
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575

Control-flow Graph

APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                                            • String ID: T2r
                                                                                                                                                                                                                                                                            • API String ID: 1464230837-3348044575
                                                                                                                                                                                                                                                                            • Opcode ID: 2b2b12c5361ad13623ec4430c66fa512cd4700ef46bbbf78879ddf1b2566693b
                                                                                                                                                                                                                                                                            • Instruction ID: 4fd81c2546f3d05c2347fdf7118f7d013f3de7a2a1680264c1cf4928746e3714
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b2b12c5361ad13623ec4430c66fa512cd4700ef46bbbf78879ddf1b2566693b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A312671B011089BEB18DBB8DC89FBCB763EB86318F24825DE0549B3D1C73989818756

Control-flow Graph

Basic blocks (report node ID: address range, with the call the report notes for that block):
• 202: 6ca682-6ca6a2
• 206: 6ca6a4-6ca6b0
• 207: 6ca6d0-6ca6ec
• 208: 6ca6ee-6ca6fa
• 209: 6ca71a-6ca739
• 210: 6ca6c6-6ca6cd, call 6dd663
• 211: 6ca6b2-6ca6c0
• 212: 6ca6fc-6ca70a
• 213: 6ca710-6ca717, call 6dd663
• 214: 6ca73b-6ca747
• 215: 6ca767-6ca916, call 6d80c0
• 216: 6ca949
• 218: 6ca94e
• 219: 6ca949, call 6f6c6a
• 221: 6ca75d-6ca764, call 6dd663
• 222: 6ca749-6ca757
• 227: 6ca953-6ca994, Sleep, CreateMutexA
• 228: 6ca94e, call 6f6c6a
• 234: 6ca996-6ca998
• 235: 6ca9a7-6ca9a8
• 236: 6ca99a-6ca9a5

Edges: 202->206, 202->207, 206->210, 206->211, 207->208, 207->209, 208->212, 208->213, 209->214, 209->215, 210->207, 211->210, 211->216, 212->213, 212->216, 213->209, 214->221, 214->222, 216->218, 216->219, 218->227, 218->228, 219->218, 221->215, 222->216, 222->221, 227->234, 227->235, 228->227, 234->235, 234->236, 236->235
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
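Block 227 of this function sleeps for 0x64 = 100 ms and then calls CreateMutexA with a NULL security descriptor, bInitialOwner = FALSE and the string at 0x00723254, after which the code branches on the result (234 -> 235 or 236). The PowerShell below is an added example, not code from the sample or from the Joe Sandbox report. It assumes the sequence is the usual single-instance guard (the report shows only the calls, not their use), and it uses 'T2r' as a placeholder mutex name because the report exposes only the String ID, not the full string recovered from the dump; substitute the real name before using the check in triage.

```powershell
# Added example for this report's Sleep + CreateMutexA function; not code from
# the sample or from Joe Sandbox. Two halves: the guard such a sequence usually
# implements, and the passive probe an incident responder runs to see whether
# the mutex already exists on a host. 'T2r' is an assumed placeholder name
# taken from the report's String ID, not the full string at 0x00723254.

function Test-NamedMutex {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$MutexName,
        # Named kernel objects are per-session unless prefixed "Global\";
        # malware that wants one instance per machine uses the global namespace.
        [switch]$GlobalNamespace
    )
    $name  = if ($GlobalNamespace) { "Global\$MutexName" } else { $MutexName }
    $mutex = $null
    try {
        # TryOpenExisting never creates the object, so the probe cannot itself
        # satisfy (or trip) the malware's guard the way CreateMutexA would.
        if ([System.Threading.Mutex]::TryOpenExisting($name, [ref]$mutex)) {
            return [pscustomobject]@{ Name = $name; Present = $true;  Note = '' }
        }
        return [pscustomobject]@{ Name = $name; Present = $false; Note = '' }
    }
    catch [System.UnauthorizedAccessException] {
        # The object exists but its DACL denies us SYNCHRONIZE|MODIFY:
        # for triage purposes that still means "present".
        return [pscustomobject]@{ Name = $name; Present = $true; Note = 'access denied' }
    }
    finally {
        if ($mutex) { $mutex.Dispose() }
    }
}

function Invoke-SingleInstanceGuard {
    # Mirrors the analysed sequence: Sleep(0x64), then CreateMutexA with no
    # security descriptor and bInitialOwner = FALSE. Win32 signals a pre-existing
    # object through GetLastError() == ERROR_ALREADY_EXISTS (183) while still
    # returning a handle; .NET exposes the same fact via the createdNew out-parameter.
    param([Parameter(Mandatory)][string]$MutexName)
    Start-Sleep -Milliseconds 100
    $createdNew = $false
    $mutex = New-Object System.Threading.Mutex($false, $MutexName, [ref]$createdNew)
    if (-not $createdNew) {
        $mutex.Dispose()
        return 'another instance holds the mutex; exit'
    }
    # Keep the handle open on purpose: a named mutex exists only while some
    # process holds a handle, which is what makes it a usable infection marker.
    $script:GuardMutex = $mutex
    return 'first instance; mutex created'
}

# Usage: probe both namespaces, then run the guard twice in one process.
foreach ($scope in @($false, $true)) { Test-NamedMutex -MutexName 'T2r' -GlobalNamespace:$scope }
Invoke-SingleInstanceGuard -MutexName 'T2r'
Invoke-SingleInstanceGuard -MutexName 'T2r'
```

On a host where nothing has created the mutex, both probes report Present = $false; the first guard call creates the object and the second, because the first handle is still held in $script:GuardMutex, takes the "another instance" path. A probe that returns Present = $true for the recovered name on a machine that has not run this script is the indicator worth escalating, since the mutex is not persisted and can only exist while a process holding it is alive.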
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137610422.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137628319.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137684076.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137701715.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137718496.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137735132.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137751253.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137767245.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                                            • String ID: T2r
                                                                                                                                                                                                                                                                            • API String ID: 1464230837-3348044575
                                                                                                                                                                                                                                                                            • Opcode ID: 914f5f0b03fd412539a80d7f583ba36a26f279a187c2b3f9dbc74388214f13c7
                                                                                                                                                                                                                                                                            • Instruction ID: efac0d138a954c27cca563560de5d1c410382c646ec9595d617fb8ff5eae1aa6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 914f5f0b03fd412539a80d7f583ba36a26f279a187c2b3f9dbc74388214f13c7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D311A71B101089BEB18DBB8DD89FBDB773EB81318F24865DE018973D1C77989818666

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 238 6c9adc-6c9ae8 239 6c9afe-6c9d91 call 6dd663 call 6d7a00 call 6c5c10 call 6c8b30 call 6d8220 call 6d7a00 call 6c5c10 call 6c8b30 call 6d8220 238->239 240 6c9aea-6c9af8 238->240 240->239 241 6ca917 240->241 243 6ca953-6ca994 Sleep CreateMutexA 241->243 244 6ca917 call 6f6c6a 241->244 250 6ca996-6ca998 243->250 251 6ca9a7-6ca9a8 243->251 244->243 250->251 253 6ca99a-6ca9a5 250->253 253->251
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137610422.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137628319.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137684076.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137701715.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137718496.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137735132.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137751253.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137767245.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: 589f5159fa9429770d8fa58bfa5a1721a040bc9e653483e9659fcd58ad00ea3e
• Instruction ID: 301cf5fd9f0b61cf2ea94e8aa1b13931aec7def463e70aaef0bc59c88ec45b0a
• Opcode Fuzzy Hash: 589f5159fa9429770d8fa58bfa5a1721a040bc9e653483e9659fcd58ad00ea3e
• Instruction Fuzzy Hash: 12213A31B14208DBEB189BACEC8DFBDB763EBC1314F20421EE408973D1C77999818A55

Control-flow Graph

Legend: Executed / Not Executed

Basic blocks (node id: address range, direct calls and API calls, successors):
• 306: 6ca856-6ca86e, successors 307, 308 (entry block)
• 307: 6ca89c-6ca89e, successors 311, 312
• 308: 6ca870-6ca87c, successors 309, 310
• 309: 6ca87e-6ca88c, successors 310, 313
• 310: 6ca892-6ca899, call 6dd663, successor 307
• 311: 6ca8a9-6ca8b1, call 6c7d30, successors 323, 324
• 312: 6ca8a0-6ca8a7, successor 315
• 313: 6ca94e, successors 320, 321
• 315: 6ca8eb-6ca916, call 6d80c0, no successors
• 320: 6ca953-6ca987, Sleep, CreateMutexA, successor 325
• 321: 6ca94e, call 6f6c6a, successor 320
• 323: 6ca8e4-6ca8e6, successor 315
• 324: 6ca8b3-6ca8bb, call 6c7d30, successors 323, 331
• 325: 6ca98e-6ca994, successors 327, 328
• 327: 6ca996-6ca998, successors 328, 330
• 328: 6ca9a7-6ca9a8, no successors
• 330: 6ca99a-6ca9a5, successor 328
• 331: 6ca8bd-6ca8c5, call 6c7d30, successors 323, 335
• 335: 6ca8c7-6ca8cf, call 6c7d30, successors 323, 338
• 338: 6ca8d1-6ca8d9, call 6c7d30, successors 323, 341
• 341: 6ca8db-6ca8e2, successor 315
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963 (dwMilliseconds = 0x64 = 100 ms)
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981 (lpMutexAttributes = NULL, bInitialOwner = FALSE, lpName = 0x00723254; the name pointer lies inside the mapped image, in the dumped region that starts at 0x722000, so the mutex name is a string embedded in the module rather than built at run time)
Both call sites (0x6CA963 and 0x6CA981) fall inside basic block 320 (6ca953-6ca987), which is why the graph labels that block with Sleep and CreateMutexA. A short Sleep followed by a named mutex is the usual single-instance guard; whether this function tests the CreateMutexA result (for example via GetLastError) is not visible in this entry's API list.
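Joe Sandbox exports the graph above as one flattened `control_flow_graph` token string and the API calls as `Name.Module(args), ref: addr` lines. The parser below is an added example, not Joe Sandbox code and not part of the analysed sample: it rebuilds basic blocks and edges from that export, maps each API `ref` address back to the block that contains it, cross-checks that the block is labelled with the same API, finds the shortest path from the entry block to the CreateMutexA block, and reads the Win32 arguments out of the API lines. The two input strings are copied from this function entry; the token grammar (decimal node id, hex range, `call` target, bare API name, `a->b` edge) is inferred from this export and is an assumption, as noted in the comments.

```python
"""Parse a Joe Sandbox flattened control-flow graph and API list for one
function and map each API reference back to its basic block.

Added example, not Joe Sandbox code and not part of the analysed sample.
CFG_TEXT and API_LINES are copied from this function entry (the function
at 0x6ca856 in memory dump 00000003.00000002 of skotes.exe).
"""
import re
from collections import deque

CFG_TEXT = (
    "control_flow_graph 306 6ca856-6ca86e 307 6ca89c-6ca89e 306->307 "
    "308 6ca870-6ca87c 306->308 311 6ca8a9-6ca8b1 call 6c7d30 307->311 "
    "312 6ca8a0-6ca8a7 307->312 309 6ca87e-6ca88c 308->309 "
    "310 6ca892-6ca899 call 6dd663 308->310 309->310 313 6ca94e 309->313 "
    "310->307 323 6ca8e4-6ca8e6 311->323 324 6ca8b3-6ca8bb call 6c7d30 "
    "311->324 315 6ca8eb-6ca916 call 6d80c0 312->315 "
    "320 6ca953-6ca987 Sleep CreateMutexA 313->320 321 6ca94e call 6f6c6a "
    "313->321 325 6ca98e-6ca994 320->325 321->320 323->315 324->323 "
    "331 6ca8bd-6ca8c5 call 6c7d30 324->331 327 6ca996-6ca998 325->327 "
    "328 6ca9a7-6ca9a8 325->328 327->328 330 6ca99a-6ca9a5 327->330 "
    "330->328 331->323 335 6ca8c7-6ca8cf call 6c7d30 331->335 335->323 "
    "338 6ca8d1-6ca8d9 call 6c7d30 335->338 338->323 341 6ca8db-6ca8e2 "
    "338->341 341->315"
)

API_LINES = [
    "Sleep.KERNELBASE(00000064), ref: 006CA963",
    "CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981",
]

# Token grammar inferred from this export (assumption): a decimal node id
# followed by a lowercase hex range "start-end" (or a single address) opens
# a block; "call X" records a direct call target; any other bare word is an
# API the block calls; "a->b" is an edge.  Caveat: an address consisting only
# of digits would be mistaken for a node id; none occurs in this report.
HEX_RANGE = re.compile(r"^[0-9a-f]+(?:-[0-9a-f]+)?$")
API_RE = re.compile(
    r"^(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)$"
)


def parse_cfg(text):
    """Return ({node_id: block}, [(src, dst), ...]) from the flat export."""
    tokens = text.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    blocks, edges, current = {}, [], None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if "->" in tok:
            src, dst = tok.split("->")
            edges.append((int(src), int(dst)))
        elif tok.isdigit() and i + 1 < len(tokens) and HEX_RANGE.match(tokens[i + 1]):
            lo, _, hi = tokens[i + 1].partition("-")
            current = int(tok)
            blocks[current] = {"start": int(lo, 16), "end": int(hi or lo, 16),
                               "calls": [], "apis": []}
            i += 1  # consume the address range
        elif tok == "call":
            blocks[current]["calls"].append(int(tokens[i + 1], 16))
            i += 1  # consume the call target
        else:
            blocks[current]["apis"].append(tok)
        i += 1
    return blocks, edges


def parse_api_line(line):
    """Split 'Name.Module(hexargs), ref: addr' into its parts (ints for hex)."""
    m = API_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised API line: " + line)
    args = [int(a, 16) for a in m["args"].split(",") if a]
    return {"name": m["name"], "module": m["module"], "args": args,
            "ref": int(m["ref"], 16)}


def block_containing(blocks, addr):
    """Node id of the block whose address range covers addr, else None."""
    for nid, b in blocks.items():
        if b["start"] <= addr <= b["end"]:
            return nid
    return None


def entry_block(blocks, edges):
    """The lowest-addressed block that no edge points to."""
    targets = {dst for _, dst in edges}
    roots = [nid for nid in blocks if nid not in targets]
    return min(roots, key=lambda nid: blocks[nid]["start"])


def shortest_path(edges, src, dst):
    """Breadth-first search over successor edges; node list src..dst or None."""
    succ = {}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
    prev, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in succ.get(cur, []):
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None


def locate_apis(cfg_text=CFG_TEXT, api_lines=API_LINES):
    """Map each API reference to its block, the entry path, and a label check."""
    blocks, edges = parse_cfg(cfg_text)
    entry = entry_block(blocks, edges)
    out = []
    for line in api_lines:
        api = parse_api_line(line)
        nid = block_containing(blocks, api["ref"])
        api["block"] = nid
        api["path"] = shortest_path(edges, entry, nid) if nid is not None else None
        # The export also names the API on the block; both views must agree.
        api["consistent"] = nid is not None and api["name"] in blocks[nid]["apis"]
        out.append(api)
    return out


def summarise_mutex_check(results=None):
    """Read the Sleep/CreateMutexA pair as the Win32 arguments they carry."""
    results = results if results is not None else locate_apis()
    by_name = {r["name"]: r for r in results}
    attrs, owner, name_ptr = by_name["CreateMutexA"]["args"]
    return {"sleep_ms": by_name["Sleep"]["args"][0], "lpMutexAttributes": attrs,
            "bInitialOwner": bool(owner), "lpName": name_ptr}


if __name__ == "__main__":
    for r in locate_apis():
        print(f"{r['name']:13s} ref {r['ref']:#x} -> block {r['block']} "
              f"via {r['path']} consistent={r['consistent']}")
    print(summarise_mutex_check())
```

Run stand-alone it reports both call sites in block 320, reached from the entry block along 306 → 308 → 309 → 313 → 320, and decodes the arguments as a 100 ms sleep and a CreateMutexA with NULL attributes, no initial ownership and a name pointer of 0x723254. The same parser applies to any other function entry on this report once its `control_flow_graph` string and API lines are substituted.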
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137610422.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137628319.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137684076.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137701715.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137718496.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137735132.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137751253.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137767245.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                                            • String ID: T2r
                                                                                                                                                                                                                                                                            • API String ID: 1464230837-3348044575
                                                                                                                                                                                                                                                                            • Opcode ID: 13921231460ccc41d70de388beef089b9471f77dff2b8f1528387b85fe13d8b3
                                                                                                                                                                                                                                                                            • Instruction ID: 2de3136f88eaafa3ed87b6eefdfe725d017c5f9a03888d3603ef162866310f01
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13921231460ccc41d70de388beef089b9471f77dff2b8f1528387b85fe13d8b3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 232128717562089BEB2867EC988AFBDB263DF81704F24481EE048D73D1CA7A59818597

Control-flow Graph (function 006CA34F; basic blocks and edges recovered from the graph dump, "->" lists successor blocks)
• 283 6ca34f-6ca35b -> 284, 285
• 284 6ca35d-6ca36b -> 285, 286
• 285 6ca371-6ca39a call 6dd663 -> 291, 292
• 286 6ca93a -> 289, 290
• 289 6ca953-6ca994 Sleep CreateMutexA -> 299, 300
• 290 6ca93a call 6f6c6a -> 289
• 291 6ca39c-6ca3a8 -> 293, 294
• 292 6ca3c8-6ca916 call 6d80c0
• 293 6ca3be-6ca3c5 call 6dd663 -> 292
• 294 6ca3aa-6ca3b8 -> 286, 293
• 299 6ca996-6ca998 -> 300, 303
• 300 6ca9a7-6ca9a8
• 303 6ca99a-6ca9a5 -> 300
APIs
• Sleep.KERNELBASE(00000064), ref: 006CA963
• CreateMutexA.KERNELBASE(00000000,00000000,00723254), ref: 006CA981
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137610422.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137628319.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137684076.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137701715.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137718496.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137735132.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137751253.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137767245.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2r
• API String ID: 1464230837-3348044575
• Opcode ID: caff9e58803516584066c4e9d9206e1d7c2353e582de3f1160f74a6c8c0a3a23
• Instruction ID: f84a26ea214746623038f64079b2c0e5edfd8c6375c2b2e54877be208b0bf5cf
• Opcode Fuzzy Hash: caff9e58803516584066c4e9d9206e1d7c2353e582de3f1160f74a6c8c0a3a23
• Instruction Fuzzy Hash: A2213A71715248DBEB189BACDC89BBCB763EB81314F24421EE408D77D0C7799A808652

Control-flow Graph
(graph figure: basic blocks 6fd82f-6fd88b with calls to 6f75f6, 6f9dc0, 6f8e36 and RtlAllocateHeap; legend: Executed / Not Executed; raw edge list not reproduced)
APIs
• RtlAllocateHeap.NTDLL(00000008,?,00000000,?,006FA813,00000001,00000364,00000006,000000FF,?,006FEE3F,?,00000004,00000000,?,?), ref: 006FD870
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 855b961f324f311bdfc02a561eaa8611a92258b351cb549e23b5c93995ecb73a
• Instruction ID: 34e510cfa07de858b82cff7d1723bd69061734fcb1396b39a716bb31d64becc0
• Opcode Fuzzy Hash: 855b961f324f311bdfc02a561eaa8611a92258b351cb549e23b5c93995ecb73a
• Instruction Fuzzy Hash: B8F0893265552CA6EB216A76DC01BBF375B9F417F0B258125EF24A7291DA20FC0185E4
APIs
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
• String ID:
• API String ID: 57040152-0
• Opcode ID: 2ade736043d7e99650afffb3d1cf8ba0c4aaea43c4a262e26dc5ad02c1a9efd8
• Instruction ID: d22e544384eedfe821256ea469ef064d1c5ae300786623d39fe3ac15a222fd20
• Opcode Fuzzy Hash: 2ade736043d7e99650afffb3d1cf8ba0c4aaea43c4a262e26dc5ad02c1a9efd8
• Instruction Fuzzy Hash: 38A1E0B1E0061A9FDB20DF64C944BAAB7AAFF15320F14812EE815D7741EB31EA04CBD1
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                                                                                            • String ID: vo
                                                                                                                                                                                                                                                                            • API String ID: 3213747228-1079588389
                                                                                                                                                                                                                                                                            • Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                                                                            • Instruction ID: 781e3455bcf7cf3bafecd55fdf8943d0cfaaa71d9f39693f4d44b2eece119302
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61B1253290468D9FDB15CF28C981BFEBBE6EF45360F1441AAEA55EB341D6348D02CB64
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137610422.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137628319.0000000000895000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137648601.00000000008AB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137684076.00000000008BC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137701715.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137718496.00000000008BE000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137735132.00000000008BF000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137751253.00000000008C0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137767245.00000000008C2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: Xtime_diff_to_millis2_xtime_get
• String ID:
• API String ID: 531285432-0
• Opcode ID: 36500ee623d7236ec423328c6b29a1f8385e1625ae699bc22d247d177bb2590f
• Instruction ID: 5926481f487d45fc69301ff353fa202e23a701d2c6692f1efc9a672f809821f6
• Opcode Fuzzy Hash: 36500ee623d7236ec423328c6b29a1f8385e1625ae699bc22d247d177bb2590f
• Instruction Fuzzy Hash: DF21FB71E0011AAFDF10EFA4D881AFEB7BAAF08720B51401AF501A7391DB749D419BA4
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2137416563.00000000006C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006C0000, based on PE: true
• Associated: 00000003.00000002.2137393646.00000000006C0000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137416563.0000000000722000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137476108.0000000000729000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137493218.000000000072B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137511682.0000000000737000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137610422.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137628319.0000000000895000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008AB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137648601.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137684076.00000000008BC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137701715.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137718496.00000000008BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137735132.00000000008BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137751253.00000000008C0000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137767245.00000000008C2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137785295.00000000008CB000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137801490.00000000008CC000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137819357.00000000008CF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137836109.00000000008D5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137857748.00000000008EC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137873898.00000000008ED000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137890889.00000000008F5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137910104.0000000000906000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137930851.000000000091C000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137947573.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137963946.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2137983504.0000000000927000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138014184.000000000092E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138033978.0000000000934000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138056652.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138075514.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138093691.0000000000945000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138111974.0000000000948000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138130532.0000000000950000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138147754.0000000000951000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138167289.0000000000958000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138184594.000000000095A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138201270.000000000095B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138224934.0000000000963000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138248373.0000000000974000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138270674.0000000000977000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138288032.0000000000978000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138305522.0000000000979000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138332374.000000000097A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.000000000097C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138352064.00000000009A3000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138404976.00000000009BE000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138428557.00000000009BF000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138451361.00000000009D3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138473245.00000000009D4000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138491858.00000000009D5000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138511104.00000000009DA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138534845.00000000009DC000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138559180.00000000009EA000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.2138578099.00000000009EB000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c0000_skotes.jbxd
Yara matches
Similarity
• API ID: ___free_lconv_mon
• String ID: 8"r$`'r
• API String ID: 3903695350-3437196005
• Opcode ID: 0feb397f4af5da43015708793676ce9f631554acdf0b547b1f8e659196dc220f
• Instruction ID: a275a869d2e3d97aea03700a2dd367473d1ccdb051bb3c82f4d80c93d18584ba
• Opcode Fuzzy Hash: 0feb397f4af5da43015708793676ce9f631554acdf0b547b1f8e659196dc220f
• Instruction Fuzzy Hash: B8316B7260020DDFEB20AB79D845BBB73EAEF00311F10442DE249D6692DE30AC80CB65

Execution Graph

Execution Coverage: 9.9%
Dynamic/Decrypted Code Coverage: 2.7%
Signature Coverage: 4.8%
Total number of Nodes: 294
Total number of Limit Nodes: 10
                                                                                                                                                                                                                                                                            execution_graph 20864 37323e 72 API calls shared_ptr 20946 37113a 78 API calls std::_Throw_Cpp_error 20549 374a39 20550 374a45 ___scrt_is_nonwritable_in_current_image 20549->20550 20575 3713e2 20550->20575 20552 374a4c 20553 374ba5 20552->20553 20563 374a76 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 20552->20563 20601 374073 4 API calls 2 library calls 20553->20601 20555 374bac 20602 37a4bd 21 API calls CallUnexpected 20555->20602 20557 374bb2 20603 37a4d3 21 API calls CallUnexpected 20557->20603 20559 374bba 20560 374a95 20561 374b16 20586 37ca3c 20561->20586 20563->20560 20563->20561 20597 37a507 39 API calls 4 library calls 20563->20597 20564 374b1c 20590 361c00 20564->20590 20569 374b3d 20569->20555 20570 374b41 20569->20570 20571 374b4a 20570->20571 20599 37a4e9 21 API calls CallUnexpected 20570->20599 20600 37141b 75 API calls ___scrt_uninitialize_crt 20571->20600 20574 374b53 20574->20560 20576 3713eb 20575->20576 20604 373cdf IsProcessorFeaturePresent 20576->20604 20578 3713f7 20605 3753c5 10 API calls 2 library calls 20578->20605 20580 3713fc 20585 371400 20580->20585 20606 3778ff 20580->20606 20582 371417 20582->20552 20585->20552 20587 37ca45 20586->20587 20588 37ca4a 20586->20588 20619 37cb65 59 API calls 20587->20619 20588->20564 20620 362620 20590->20620 20594 361c3a 20628 3711f9 20594->20628 20596 361c73 20598 374020 GetModuleHandleW 20596->20598 20597->20561 20598->20569 20599->20571 20600->20574 20601->20555 20602->20557 20603->20559 20604->20578 20605->20580 20610 3827a5 20606->20610 20609 3753e4 7 API calls 2 library calls 20609->20585 20611 3827b5 20610->20611 20612 371409 20610->20612 20611->20612 20614 381f19 20611->20614 20612->20582 
20612->20609 20615 381f20 20614->20615 20616 381f63 GetStdHandle 20615->20616 20617 381fc5 20615->20617 20618 381f76 GetFileType 20615->20618 20616->20615 20617->20611 20618->20615 20619->20588 20621 36264c 20620->20621 20635 36a1f0 20621->20635 20624 362670 20625 362684 20624->20625 20626 362698 20625->20626 20703 36b2c0 40 API calls Concurrency::cancel_current_task 20625->20703 20626->20594 20629 371202 IsProcessorFeaturePresent 20628->20629 20630 371201 20628->20630 20632 373bd1 20629->20632 20630->20596 20704 373cb7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20632->20704 20634 373cb4 20634->20596 20644 36a330 20635->20644 20639 36a232 20660 36a3c0 20639->20660 20641 36a248 20642 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20641->20642 20643 361c32 20642->20643 20643->20624 20666 370eb0 20644->20666 20647 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20648 36a21d 20647->20648 20649 36a2a0 20648->20649 20650 36a2fb 20649->20650 20651 36a2bb 20649->20651 20652 371185 codecvt 16 API calls 20650->20652 20651->20650 20653 36a2cc 20651->20653 20654 36a30c 20652->20654 20675 371185 20653->20675 20688 36a490 135 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20654->20688 20657 36a2ed 20657->20639 20661 36a3d4 20660->20661 20662 36a3e8 20661->20662 20701 36b2c0 40 API calls Concurrency::cancel_current_task 20661->20701 20664 36a401 20662->20664 20702 36b2c0 40 API calls Concurrency::cancel_current_task 20662->20702 20664->20641 20671 370f00 20666->20671 20669 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20670 36a35d 20669->20670 20670->20647 20672 370f29 20671->20672 20673 3711f9 
__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20672->20673 20674 370ee0 20673->20674 20674->20669 20676 37118a 20675->20676 20678 36a2dd 20676->20678 20680 3711a6 20676->20680 20689 37e3ac 20676->20689 20696 37a7ef EnterCriticalSection LeaveCriticalSection codecvt 20676->20696 20687 36a450 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20678->20687 20681 373ac2 codecvt 20680->20681 20683 3711b0 Concurrency::cancel_current_task 20680->20683 20698 374d23 RaiseException 20681->20698 20697 374d23 RaiseException 20683->20697 20684 373ade 20686 371ccf 20687->20657 20688->20657 20694 3804c1 __strnicoll 20689->20694 20690 3804ff 20700 37c664 14 API calls __strnicoll 20690->20700 20691 3804ea RtlAllocateHeap 20693 3804fd 20691->20693 20691->20694 20693->20676 20694->20690 20694->20691 20699 37a7ef EnterCriticalSection LeaveCriticalSection codecvt 20694->20699 20696->20676 20697->20686 20698->20684 20699->20694 20700->20693 20704->20634 20867 381e37 15 API calls 20869 374a27 30 API calls 20870 375223 54 API calls 2 library calls 20947 385d2c 41 API calls 3 library calls 20874 37302f 68 API calls 20952 377b2c GetCommandLineA GetCommandLineW 20875 37182a 16 API calls 2 library calls 20953 372b29 47 API calls 2 library calls 20954 365510 95 API calls 3 library calls 20955 36ad10 39 API calls 20881 38e81f 20 API calls 20886 385c0c 42 API calls 3 library calls 20889 36a800 50 API calls 20957 36cf00 62 API calls 20958 371100 48 API calls 2 library calls 20890 377a0c 15 API calls 2 library calls 20962 374974 71 API calls 2 library calls 20963 374b74 21 API calls CallUnexpected 20964 38237c LeaveCriticalSection std::_Lockit::~_Lockit 20891 38507d 41 API calls 3 library calls 20896 363260 30 API calls 20897 366860 49 API calls 
__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20898 36be60 62 API calls 20899 37306b 68 API calls 20973 37f557 55 API calls 2 library calls 20974 374355 DecodePointer 20976 38595a 44 API calls 3 library calls 20901 362450 103 API calls 20977 364950 98 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20978 36cf50 134 API calls 3 library calls 20902 372a5a 31 API calls 20982 371942 9 API calls 3 library calls 20906 375440 40 API calls 5 library calls 20985 381dbc GetProcessHeap 20988 3753b1 8 API calls 20990 36adb0 29 API calls std::_Throw_Cpp_error 20911 3710b0 32 API calls std::_Throw_Cpp_error 20992 372db0 69 API calls _Yarn 20993 3747bb GetModuleHandleW GetProcAddress GetProcAddress 20994 374bbb GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 20996 3781a3 66 API calls 20997 3633a0 14 API calls 20999 380fa7 FreeLibrary 21000 36a590 48 API calls 20541 39c19e 20548 39c1d4 20541->20548 20542 39c321 GetPEB 20543 39c333 CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 20542->20543 20544 39c3da WriteProcessMemory 20543->20544 20543->20548 20545 39c41f 20544->20545 20546 39c461 WriteProcessMemory Wow64SetThreadContext ResumeThread 20545->20546 20547 39c424 WriteProcessMemory 20545->20547 20547->20545 20548->20542 20548->20543 20917 372e90 70 API calls 20918 37109a 33 API calls std::_Throw_Cpp_error 21003 367180 31 API calls std::_Throw_Cpp_error 20923 37788f 7 API calls ___scrt_uninitialize_crt 21005 377389 47 API calls 4 library calls 21006 371589 DeleteCriticalSection 20705 371a88 20728 3719f9 GetModuleHandleExW 20705->20728 20707 371ace 20710 3719f9 Concurrency::details::_Reschedule_chore GetModuleHandleExW 20707->20710 20711 371ad4 20710->20711 20713 371af5 20711->20713 20750 3719dc GetModuleHandleExW 20711->20750 20730 
36e250 20713->20730 20716 371ae5 20716->20713 20717 371aeb FreeLibraryWhenCallbackReturns 20716->20717 20717->20713 20719 3719f9 Concurrency::details::_Reschedule_chore GetModuleHandleExW 20720 371b0b 20719->20720 20721 371b39 20720->20721 20722 36b1f0 47 API calls 20720->20722 20723 371b17 20722->20723 20724 37386f ReleaseSRWLockExclusive 20723->20724 20725 371b2a 20724->20725 20725->20721 20751 3734df WakeAllConditionVariable 20725->20751 20729 371a0f 20728->20729 20729->20707 20739 36b1f0 20729->20739 20752 364560 20730->20752 20732 36e271 std::_Throw_Cpp_error 20756 36f1c0 20732->20756 20735 36e29f 20736 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20735->20736 20737 36e2a9 20736->20737 20737->20719 20740 36b204 std::_Throw_Cpp_error 20739->20740 20843 37385e 20740->20843 20744 36b221 20745 36b23d 20744->20745 20847 371c19 40 API calls 2 library calls 20744->20847 20747 37386f 20745->20747 20748 37387c ReleaseSRWLockExclusive 20747->20748 20749 37388a 20747->20749 20748->20749 20749->20707 20750->20716 20751->20721 20753 364590 20752->20753 20754 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20753->20754 20755 36459d 20754->20755 20755->20732 20757 364560 5 API calls 20756->20757 20758 36f1e1 std::_Throw_Cpp_error 20757->20758 20764 370010 20758->20764 20759 36f1f3 20760 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20759->20760 20761 36e297 20760->20761 20763 36e2e0 CloseThreadpoolWork std::_Throw_Cpp_error 20761->20763 20763->20735 20765 370027 20764->20765 20770 370160 20765->20770 20767 37002e std::_Throw_Cpp_error 20769 370036 20767->20769 20777 370220 20767->20777 20769->20759 20782 36d560 20770->20782 20772 370187 20785 36d690 20772->20785 20775 3711f9 
__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20776 3701e1 20775->20776 20776->20767 20792 370260 20777->20792 20780 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20781 370250 20780->20781 20781->20769 20783 36b1f0 47 API calls 20782->20783 20784 36d57e 20783->20784 20784->20772 20788 36b2a0 20785->20788 20789 36b2b1 std::_Throw_Cpp_error 20788->20789 20790 37386f ReleaseSRWLockExclusive 20789->20790 20791 36b2b9 20790->20791 20791->20775 20793 370281 20792->20793 20802 370430 20793->20802 20795 3702c1 20805 3703c0 20795->20805 20799 3702e7 20800 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20799->20800 20801 370243 20800->20801 20801->20780 20812 370570 20802->20812 20804 370450 20804->20795 20806 3703e4 20805->20806 20827 370500 20806->20827 20808 3703ff 20809 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20808->20809 20810 3702d1 20809->20810 20811 370300 134 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20810->20811 20811->20799 20813 3705a1 20812->20813 20818 3705e0 20813->20818 20815 3705b4 20816 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20815->20816 20817 3705cb 20816->20817 20817->20804 20819 3705f7 20818->20819 20822 370620 20819->20822 20821 370605 20821->20815 20823 37063d 20822->20823 20825 370645 Concurrency::details::_ContextCallback::_CallInContext 20823->20825 20826 370670 31 API calls 2 library calls 20823->20826 20825->20821 20826->20825 20828 370514 Concurrency::details::_ContextCallback::_CallInContext 20827->20828 20829 
37051c Concurrency::details::_ContextCallback::_CallInContext 20828->20829 20836 371da0 RaiseException Concurrency::cancel_current_task 20828->20836 20833 370790 20829->20833 20837 370830 20833->20837 20840 370850 20837->20840 20841 36b9e0 Concurrency::details::_ContextCallback::_CallInContext 125 API calls 20840->20841 20842 370539 20841->20842 20842->20808 20848 37388e GetCurrentThreadId 20843->20848 20846 371c19 40 API calls 2 library calls 20849 3738d7 20848->20849 20850 3738b8 20848->20850 20851 3738f7 20849->20851 20852 3738e0 20849->20852 20853 3738bd AcquireSRWLockExclusive 20850->20853 20859 3738cd 20850->20859 20855 373956 20851->20855 20862 37390f 20851->20862 20854 3738eb AcquireSRWLockExclusive 20852->20854 20852->20859 20853->20859 20854->20859 20857 37395d TryAcquireSRWLockExclusive 20855->20857 20855->20859 20856 3711f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20858 36b20c 20856->20858 20857->20859 20858->20744 20858->20846 20859->20856 20861 373946 TryAcquireSRWLockExclusive 20861->20859 20861->20862 20862->20859 20862->20861 20863 37454d GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldiv __aullrem __Xtime_get_ticks 20862->20863 20863->20862 21007 374188 49 API calls _unexpected 20927 38b6f5 49 API calls 20929 361ae0 6 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 21010 36a5e0 61 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 21011 3669e0 5 API calls 2 library calls 21012 372fe1 66 API calls 21015 38f1e5 IsProcessorFeaturePresent 21016 37cfd5 7 API calls 20931 377ad4 73 API calls 2 library calls 21020 383bd7 43 API calls 2 library calls 20936 3806cd 16 API calls __strnicoll 21023 36a7c0 125 API calls 21024 381dce 34 API calls 2 library calls 20942 372cc8 45 API calls 2 library calls

Control-flow Graph

APIs
• CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,0039C110,0039C100), ref: 0039C334
• VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0039C347
• Wow64GetThreadContext.KERNEL32(0000009C,00000000), ref: 0039C365
• ReadProcessMemory.KERNELBASE(00000098,?,0039C154,00000004,00000000), ref: 0039C389
• VirtualAllocEx.KERNELBASE(00000098,?,?,00003000,00000040), ref: 0039C3B4
• WriteProcessMemory.KERNELBASE(00000098,00000000,?,?,00000000,?), ref: 0039C40C
• WriteProcessMemory.KERNELBASE(00000098,00400000,?,?,00000000,?,00000028), ref: 0039C457
• WriteProcessMemory.KERNELBASE(00000098,?,?,00000004,00000000), ref: 0039C495
• Wow64SetThreadContext.KERNEL32(0000009C,014E0000), ref: 0039C4D1
• ResumeThread.KERNELBASE(0000009C), ref: 0039C4E0
Strings
Memory Dump Source
• Source File: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
• String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
• API String ID: 2687962208-3857624555
• Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction ID: 111f94615a6d73d42374ab5bcbaa5e51f0db4b1b175454363c0c9b28493a811c
• Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction Fuzzy Hash: A1B1087664064AAFDB60CF68CC80BDA73A5FF88714F168524EA0CAB341D774FA51CB94

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: File$CloseCreateHandleSize
• String ID:
• API String ID: 1378416451-0
• Opcode ID: 32d4ca73b525966d7f48c60394fa3cf705b25f6f7e892b4c2c15ef117138a0a8
• Instruction ID: 80b510f36898ae1a22eae8aa9d677a5afb2d69fa66611fba3c3feb5356ff6549
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 32d4ca73b525966d7f48c60394fa3cf705b25f6f7e892b4c2c15ef117138a0a8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C71BFB0D04248CFCB11EFA8D58879DBBF4BF48304F14852AE899AB345D735A945CF92

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: _strcspn
• String ID: @
• API String ID: 3709121408-2766056989
• Opcode ID: 61828020e1db2d2f20368c8f1667b15a79458dd73eccbd5b54f763a0604a8012
• Instruction ID: bab4c60e64e4e0f808d68b348629712d2c18fe8a4417a8f1fcd87c94d6807848
• Opcode Fuzzy Hash: 61828020e1db2d2f20368c8f1667b15a79458dd73eccbd5b54f763a0604a8012
• Instruction Fuzzy Hash: C732D2B49042698FCB25DF24C991A9DBBF1BF49300F05C5AAE849AB305D730AE85CF91

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ConsoleFreeProtectVirtual
• String ID: @
• API String ID: 621788221-2766056989
• Opcode ID: f483acc7814d7e7e33d82ed714d4182df4463ac2bb277f7af2c0ec98063c91de
• Instruction ID: d2ddc11695c6c74a3d85050ef5744067719d2e44d5a9e6021f4e7ae289da37b0
• Opcode Fuzzy Hash: f483acc7814d7e7e33d82ed714d4182df4463ac2bb277f7af2c0ec98063c91de
• Instruction Fuzzy Hash: 7D41CEB0D00208DFCB05DFA9E88469EBBF4BF48344F11C82AE458AB351D775A944CF95

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: Yarn
• String ID: =n9
• API String ID: 1767336200-2005492208
• Opcode ID: 57e238aa1058c7b702cfdcd56f51e6d708d776d67e0a6b8c13b6b62b455875c3
• Instruction ID: 48e482fa2e193d871fbe1fded5871838319c6598390e9a7e412e8286e278eb44
• Opcode Fuzzy Hash: 57e238aa1058c7b702cfdcd56f51e6d708d776d67e0a6b8c13b6b62b455875c3
• Instruction Fuzzy Hash: DCE065273082046BFB296A6ADC12F7633D8DB44761F14412DFD0E9E5C1EE50EC008554

Control-flow Graph

APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 003646AB
  • Part of subcall function 00371670: _Yarn.LIBCPMT ref: 00371690
  • Part of subcall function 00371670: _Yarn.LIBCPMT ref: 003716B4
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Yarn$LockitLockit::_std::_
                                                                                                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                                                                                                            • API String ID: 360232963-1405518554
                                                                                                                                                                                                                                                                            • Opcode ID: 83548ae5dc00f4d08fbd9ad98944adcd56d74dc52c28ff25a410e59e19ede37e
                                                                                                                                                                                                                                                                            • Instruction ID: dda4b3dd942367449a1c2667d88bfa92b040acce0eb99687dde2515fe5eade7e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83548ae5dc00f4d08fbd9ad98944adcd56d74dc52c28ff25a410e59e19ede37e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E012570D041089FCB09FFECD4917ADBBB1AF45308F44846CE55A5B346DA31AA90CB56

Control-flow Graph

APIs
Strings
Similarity
• API ID: EqualPrefix
• String ID: @Ju
• API String ID: 447727826-501080590
• Opcode ID: d8b92721ae0aa7b7e4848585aef32b8ae7e83aa5924881d146e3e579513fc622
• Instruction ID: 627cdff4277ba37d8a6bfbb155e0a01276c2da1c92de42e137bc4ddfb84ae63e
• Opcode Fuzzy Hash: d8b92721ae0aa7b7e4848585aef32b8ae7e83aa5924881d146e3e579513fc622
• Instruction Fuzzy Hash: C4013170904208DFCB01EFA8D95579EBBF8FF04304F40845DE4599B351EBB49A04CB92

Control-flow Graph

APIs
  • Part of subcall function 00388366: GetConsoleOutputCP.KERNEL32(BB0EE090,00000000,00000000,?), ref: 003883C9
• WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,00378191,?,003783F3), ref: 00388141
• GetLastError.KERNEL32(?,00378191,?,003783F3,?,003783F3,?,?,?,?,?,?,?,?,?,?), ref: 0038814B
Similarity
• API ID: ConsoleErrorFileLastOutputWrite
• String ID:
• API String ID: 2915228174-0
• Opcode ID: a06c9c64f91f24cfa6a9a6e07adcbbce0c732487c9b65b81a0563a3404ad4ad6
• Instruction ID: d07a59b6b249b3b8ba9b3090e8aab653b23d36d8b80b038fec72186594a22edd
• Opcode Fuzzy Hash: a06c9c64f91f24cfa6a9a6e07adcbbce0c732487c9b65b81a0563a3404ad4ad6
• Instruction Fuzzy Hash: 2861B7B1D04219BFDF12EFA8CC45AEEBBB9AF09304F550185E904AB252DB36D905CB90

Control-flow Graph

APIs
• WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00388127,?,003783F3,?,?,?,00000000), ref: 00388831
• GetLastError.KERNEL32(?,00388127,?,003783F3,?,?,?,00000000,?,?,?,?,?,00378191,?,003783F3), ref: 00388857
Similarity
• API ID: ErrorFileLastWrite
• String ID:
• API String ID: 442123175-0
• Opcode ID: acaac1654caf8bb749f7b2e19a215bd7966686fdc7c107e2c53f7422ad18f0d4
• Instruction ID: a45985f2f953f45a4de2ff9c7fe36a8e57e85ba4bec9546e53a9c6dd4800b1e3
• Opcode Fuzzy Hash: acaac1654caf8bb749f7b2e19a215bd7966686fdc7c107e2c53f7422ad18f0d4
• Instruction Fuzzy Hash: 0C218035A002189FCF1ADF29DD809E9B7BAEF48305F6445EAE90AD7211DB309D42CB60

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00363EAF
                                                                                                                                                                                                                                                                              • Part of subcall function 00364360: std::_Lockit::_Lockit.LIBCPMT ref: 0036438E
                                                                                                                                                                                                                                                                              • Part of subcall function 00364360: std::_Lockit::~_Lockit.LIBCPMT ref: 003643B9
                                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00363F7B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 593203224-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6efbd9090ed177236fe12ab01a67771b67dd419736eaf7c16ccfd6986bfe002a
                                                                                                                                                                                                                                                                            • Instruction ID: d18f401807e118f25e2b094847061b140d40ca9e55055f7171947de40b3054b8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6efbd9090ed177236fe12ab01a67771b67dd419736eaf7c16ccfd6986bfe002a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B31E8B4D00209DFCB05EFA8D4855AEBBF4FF09300F10846AE856AB355EB34AA44CB91

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 341 381f19-381f1e 342 381f20-381f38 341->342 343 381f3a-381f3e 342->343 344 381f46-381f4f 342->344 343->344 347 381f40-381f44 343->347 345 381f61 344->345 346 381f51-381f54 344->346 350 381f63-381f70 GetStdHandle 345->350 348 381f5d-381f5f 346->348 349 381f56-381f5b 346->349 351 381fbb-381fbf 347->351 348->350 349->350 352 381f9d-381faf 350->352 353 381f72-381f74 350->353 351->342 354 381fc5-381fc8 351->354 352->351 356 381fb1-381fb4 352->356 353->352 355 381f76-381f7f GetFileType 353->355 355->352 357 381f81-381f8a 355->357 356->351 358 381f8c-381f90 357->358 359 381f92-381f95 357->359 358->351 359->351 360 381f97-381f9b 359->360 360->351
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,00381E08,0039B810), ref: 00381F65
                                                                                                                                                                                                                                                                            • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00381E08,0039B810), ref: 00381F77
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileHandleType
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3000768030-0
                                                                                                                                                                                                                                                                            • Opcode ID: e325579f1de3dad7357eac3e6e5f9088a5f0c9078d8ea374830d8f4fcef8e5ef
                                                                                                                                                                                                                                                                            • Instruction ID: 13e96f72e47281eafffe8e64ff4790202e5f6d78bcc62ebe8cf5ec4f03ce1d89
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e325579f1de3dad7357eac3e6e5f9088a5f0c9078d8ea374830d8f4fcef8e5ef
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01119331208B414AC7326E3E9CC8622BA9CAB56330F39079AE2B6C65F1C730D987D741

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32 ref: 00361BA8
                                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32 ref: 00361BC8
                                                                                                                                                                                                                                                                              • Part of subcall function 00361870: CreateFileA.KERNELBASE ref: 003618F3
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileModule$CreateHandleName
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2828212432-0
                                                                                                                                                                                                                                                                            • Opcode ID: 68137d50fc77618e6c282128039f573d7198a2fe7d2ce1133b02aa654e380297
                                                                                                                                                                                                                                                                            • Instruction ID: 3aea032fdd9375b83ecc58266d2eddd5781bb3e5e145da79cc1226a2c232a38b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68137d50fc77618e6c282128039f573d7198a2fe7d2ce1133b02aa654e380297
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADF01DB19042088FC750EF78D94539DBBF8AB04300F4185AED4CDD7250EA7599888F82

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 366 380487-380490 367 3804bf-3804c0 366->367 368 380492-3804a5 RtlFreeHeap 366->368 368->367 369 3804a7-3804be GetLastError call 37c6ad call 37c664 368->369 369->367
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,003846B0,?,00000000,?,?,00384350,?,00000007,?,?,00384C96,?,?), ref: 0038049D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,003846B0,?,00000000,?,?,00384350,?,00000007,?,?,00384C96,?,?), ref: 003804A8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: 31428d812dd594a42185b8e000ad0174dd4ec5c4b2555e6ceddbad05499281d3
• Instruction ID: 026b16b05f8e2cdf35d2faf0eb8c6ce7afc6965bab8cc4c71ee5374f8cb50b26
• Opcode Fuzzy Hash: 31428d812dd594a42185b8e000ad0174dd4ec5c4b2555e6ceddbad05499281d3
• Instruction Fuzzy Hash: 61E08C32200B04AFCB232BE5EC08B993A6CDB41751F1A8066FB0CDA060CA3A8840CBC4

Control-flow Graph
Basic blocks recovered from the graph widget, one per line as "block id: address range[, call target] -> successor block ids", listed in address order:
• 374: 37294e-372968 -> 375, 376
• 376: 37296a-37296c -> 377
• 375: 372971-372979 -> 378, 379
• 378: 37297b-372985 -> 379, 387
• 387: 372987-372998 -> 389
• 379: 37299a-37299e -> 382, 383
• 383: 3729a4-3729b5, call 3731de -> 390, 391
• 390: 3729b7-3729bb -> 392
• 391: 3729bd-3729f1 -> 397, 398
• 398: 3729f3-3729f6 -> 397, 401
• 401: 3729f8-3729fc -> 382, 403
• 403: 3729fe-372a01 -> 392
• 392: 372a04, call 372305 -> 396
• 396: 372a09-372a10 -> 389
• 389: 372a13-372a15 -> 386
• 397: 372a17-372a1f -> 399, 400
• 400: 372a21-372a32, call 37df69 -> 382, 399
• 399: 372a34-372a44 -> 386
• 382: 372a46 -> 386
• 386: 372a49 -> 377
• 377: 372a4a-372a57, call 3711f9 -> (no successors)
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 775cadc7a2574e3760133170d2812b212da0d7ee7adc77ff78f071352d9d3a75
• Instruction ID: 0f2214713fe9c2a539f34ea0caf23b660d48822217bc04a6754b5cc03a326ac6
• Opcode Fuzzy Hash: 775cadc7a2574e3760133170d2812b212da0d7ee7adc77ff78f071352d9d3a75
• Instruction Fuzzy Hash: E031953290011AEFCB36CF68C8909EEB7B9FF09320B14826AE555E7690DB35ED54CB50
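The dump identifiers listed under Memory Dump Source pack the region's base address and memory attributes into the file name. The helper below is an added example, not code from the Joe Sandbox report or its IDA plugin: it splits an identifier on "." and decodes the fifth and seventh fields with the Windows PAGE_* and MEM_* constants from winnt.h, then flags image-mapped regions that are both writable and executable, which is the first region a practitioner would dump when hunting unpacked code. The field layout (field 4 = base address, field 5 = protection, field 7 = memory type) is an assumption read off the identifiers on this page, where the values line up with a PE header (PAGE_READONLY at 360000), a code section (PAGE_EXECUTE_READ at 361000) and an RWX section at 39C000; the remaining fields are carried through undecoded.

```python
import re
from dataclasses import dataclass

# Memory protection constants from winnt.h (low byte; modifiers such as
# PAGE_GUARD live above it and are masked off before lookup).
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTE_BITS = 0xF0  # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
WRITE_BITS = 0xCC    # PAGE_READWRITE, PAGE_WRITECOPY and their execute variants

# Memory type constants from winnt.h.
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Assumed layout of a Joe Sandbox dump identifier, inferred from this page:
# eight dot-separated hex fields then ".sdmp". Only fields 4, 5 and 7 are decoded.
_SDMP_RE = re.compile(r"^(?:[0-9A-Fa-f]+\.){8}sdmp$")

# The eight identifiers from the Memory Dump Source block above (page data).
REGIONS_FROM_PAGE = [
    "00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp",
    "00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp",
    "00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp",
    "00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp",
    "00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp",
    "00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp",
    "00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp",
    "00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp",
]


@dataclass(frozen=True)
class Region:
    process: str    # field 1, kept opaque
    snapshot: str   # field 2, kept opaque
    base: int       # field 4: region base address
    protect: int    # field 5: PAGE_* value (assumption)
    mem_type: int   # field 7: MEM_* value (assumption)
    raw: str

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECTION.get(self.protect & 0xFF, f"0x{self.protect:x}")

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def writable_executable(self) -> bool:
        p = self.protect & 0xFF
        return bool(p & EXECUTE_BITS) and bool(p & WRITE_BITS)


def parse_sdmp(name: str) -> Region:
    """Decode one dump identifier; raises ValueError on anything else."""
    if not _SDMP_RE.match(name):
        raise ValueError(f"not a dump identifier: {name}")
    f = name[: -len(".sdmp")].split(".")
    return Region(process=f[0], snapshot=f[1], base=int(f[3], 16),
                  protect=int(f[4], 16), mem_type=int(f[6], 16), raw=name)


def flag_rwx_image_regions(names) -> list:
    """Return the image-mapped regions whose protection is both writable and executable."""
    return [r for r in map(parse_sdmp, names)
            if r.mem_type == 0x1000000 and r.writable_executable]


if __name__ == "__main__":
    for r in map(parse_sdmp, REGIONS_FROM_PAGE):
        mark = "  <-- RWX" if r.writable_executable else ""
        print(f"{r.base:08x}  {r.protect_name:<24} {r.type_name}{mark}")
```

Run stand-alone it prints one line per region with its decoded protection and type; on this page's identifiers only the region at 39C000 is marked RWX, which is consistent with a packed section whose rights are changed at run time, but that reading is an inference from the protection value, not something the identifier format guarantees.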

Control-flow Graph
APIs
  • Part of subcall function 003719F9: GetModuleHandleExW.KERNEL32(00000002,00000000,6,?,?,003719BC,?,?,0037198D,?,?,?,0036E1E1), ref: 00371A05
• FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,BB0EE090,?,?,?,00390244,000000FF), ref: 00371AEF
  • Part of subcall function 0036B1F0: std::_Throw_Cpp_error.LIBCPMT ref: 0036B21C
  • Part of subcall function 0036B1F0: std::_Throw_Cpp_error.LIBCPMT ref: 0036B238
  • Part of subcall function 0037386F: ReleaseSRWLockExclusive.KERNEL32(?,?,?,0036B2B9,?,0036F9C2), ref: 00373884
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_$CallbackExclusiveFreeHandleLibraryLockModuleReleaseReturnsWhen
• String ID:
• API String ID: 1423221283-0
• Opcode ID: f1ec65e0cf6820ce77230c34bc1a32214c79078eeee2b375d3deaf9d4636d9b0
• Instruction ID: 474a47a2f929c881a8aa62023b26f25cc7cd94affd8934118d33c96771647e38
• Opcode Fuzzy Hash: f1ec65e0cf6820ce77230c34bc1a32214c79078eeee2b375d3deaf9d4636d9b0
• Instruction Fuzzy Hash: 1D11C833640604EBCB37AB6D9C15A2E77ACEB46B20F11C51BF5099B291DF3AD841CA91
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: CriticalLeaveSection
• String ID:
• API String ID: 3988221542-0
• Opcode ID: 7a2f615800a2ddc9905411eb687317013c4314e5f601c7e0539f2277a528a541
• Instruction ID: 338d20ee5464596d95a5cb654c0608041b652084a491e2ee19fa6e4155b1b83d
• Opcode Fuzzy Hash: 7a2f615800a2ddc9905411eb687317013c4314e5f601c7e0539f2277a528a541
• Instruction Fuzzy Hash: B30149376081464ECB77DE7CA865A6ABF20EF86334F24C16FD159D80C2CF1A4821C210
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,0037119F,?,?,003631F2,00001000,?,0036313A), ref: 003804F3
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 00370521
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 0036BA01
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
APIs
• GetLocaleInfoW.KERNEL32(?,2000000B,003857A4,00000002,00000000,?,?,?,003857A4,?,00000000), ref: 00385E6C
• GetLocaleInfoW.KERNEL32(?,20001004,003857A4,00000002,00000000,?,?,?,003857A4,?,00000000), ref: 00385E95
• GetACP.KERNEL32(?,?,003857A4,?,00000000), ref: 00385EAA
Similarity
• API ID: InfoLocale
• String ID: ACP$OCP
• API String ID: 2299586839-711371036
APIs
  • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
  • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
• GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00385776
• IsValidCodePage.KERNEL32(00000000), ref: 003857B4
• IsValidLocale.KERNEL32(?,00000001), ref: 003857C7
• GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0038580F
• GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0038582A
Similarity
• API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
• String ID:
• API String ID: 415426439-0
                                                                                                                                                                                                                                                                            • Opcode ID: ea9b040ac73d7af57e5bab73cb695c4d61d77b773f5676f6743d6c73aae08751
                                                                                                                                                                                                                                                                            • Instruction ID: c481caaf40ec89236088e8190964e5188bec2ac55dae1a15442f95b2cefe048c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea9b040ac73d7af57e5bab73cb695c4d61d77b773f5676f6743d6c73aae08751
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D515E71A01B09EFEF12EFA4CC41AAE77B8BF04701F1544EAB951EB191E770DA448B61
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                                            • Instruction ID: 7e6557abdd456f64029347f27bdea27bbef011d2fca6ec7af6c1c070837202c2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB022B75E012199FDF25CFA8D8806AEFBF1FF48314F2582A9D519AB340D735A941CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003864A5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                            • Opcode ID: d7ca7bdbb879ddba343d7b496910499df501c07582ff25c5d8564f6ab2ab3b8f
                                                                                                                                                                                                                                                                            • Instruction ID: 560474db1258a47c1393a91b3545e07a170290bd1aa19fa0aa96ebd12eab8271
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7ca7bdbb879ddba343d7b496910499df501c07582ff25c5d8564f6ab2ab3b8f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE71E7B1D452689FDF22BF38CC9AAFEBBB9AB05300F5541D9E04997211DB358E848F10
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0037407F
                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0037414B
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00374164
                                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0037416E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6ff7842239ee9178bae07003b2f132ae7107738f06e9a4d873530e0a72a6f0e8
                                                                                                                                                                                                                                                                            • Instruction ID: 7180e4d1162a673840542c49a51d01403f52824f512a90ceefb32bf6c7809407
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ff7842239ee9178bae07003b2f132ae7107738f06e9a4d873530e0a72a6f0e8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7031E875D012289BDF21EFA4D9497CDBBB8AF08300F1041AAE50DAB250EB759B85DF85
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
                                                                                                                                                                                                                                                                              • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
                                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003859AE
                                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003859F8
                                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00385ABE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InfoLocale$ErrorLast
• String ID:
• API String ID: 661929714-0
• Opcode ID: 195e13fb6d6e8f09bde6f1136f161a50319da4002c4acd86f3eafca956b82d0f
• Instruction ID: dcba74508019d4af9fb8ad3dc907c04f30a59612e5f184e977c128f5ae616a85
• Opcode Fuzzy Hash: 195e13fb6d6e8f09bde6f1136f161a50319da4002c4acd86f3eafca956b82d0f
• Instruction Fuzzy Hash: 31619071500B179FDB2BAF28CCC2BBA77A8EF14350F1141E9E905CA681E778D995CB50
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0037CEA8
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0037CEB2
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0037CEBF
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 1b00a0ebe1f02b3c11093e2d5870b24692b7383b80ad8cdf0ec2cd1e8b8b6821
• Instruction ID: dfbc3107e38c9eddbe925f8dec01e48b90deaec7a8115972b301c60acf17fdc4
• Opcode Fuzzy Hash: 1b00a0ebe1f02b3c11093e2d5870b24692b7383b80ad8cdf0ec2cd1e8b8b6821
• Instruction Fuzzy Hash: DF31C57595122C9BCB22DF28DD8978DBBB8BF08310F5081EAE41CA7251E7749F858F45
APIs
  • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
  • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
• EnumSystemLocalesW.KERNEL32(0038595A,00000001,00000000,?,-00000050,?,0038574A,00000000,-00000002,00000000,?,00000055,?), ref: 00385931
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID: JW8
• API String ID: 2417226690-1605673481
• Opcode ID: 742a12fd988c08179f5fce37371829946a494c56db283a665589499d50905272
• Instruction ID: 736c4d8e6381eaefd83fa2b95631d47854b3b519467d659b35d58f352f8622d5
• Opcode Fuzzy Hash: 742a12fd988c08179f5fce37371829946a494c56db283a665589499d50905272
• Instruction Fuzzy Hash: 29114C3B200B019FDB19AF39C8A15BAB792FF84329B15442DE98787640D371B802CB40
APIs
  • Part of subcall function 00381797: HeapAlloc.KERNEL32(00000008,00001000,?,?,003808B1,00000001,00000364,?,00000006,000000FF,?,?,0037C669,00380504), ref: 003817D8
• FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003864A5
• FindNextFileW.KERNEL32(00000000,?), ref: 00386599
• FindClose.KERNEL32(00000000), ref: 003865D8
• FindClose.KERNEL32(00000000), ref: 0038660B
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: Find$CloseFile$AllocFirstHeapNext
• String ID:
• API String ID: 2701053895-0
• Opcode ID: 10ecac4c4d4754358a98d1173d11b5a9a9a09a47506000cbd9a7b4093a35d551
• Instruction ID: ca0b627d0942f38ec1e94f4d1011a64c9e13c8bf826d45205623f5911ec50882
• Opcode Fuzzy Hash: 10ecac4c4d4754358a98d1173d11b5a9a9a09a47506000cbd9a7b4093a35d551
• Instruction Fuzzy Hash: F3517775900318AFDF26BF389C86ABEB7ADDF85314F2441DDF4099B211EA308D459B20
APIs
  • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
  • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00385C60
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
• Opcode ID: a366ebbf0e6c21a5cc67d987a6c60e4047c57d45c551233a3c16ae86b841cb2b
• Instruction ID: 0aca4ec3a6d7d7590cab23201118df056a432bdd28de1be83ea17f671a81ed31
• Opcode Fuzzy Hash: a366ebbf0e6c21a5cc67d987a6c60e4047c57d45c551233a3c16ae86b841cb2b
• Instruction Fuzzy Hash: AF218372615706ABDB2ABF29DD42A7B73BCEF44710F5000AAF905DA241EB74ED448B50
APIs
  • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
  • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00385D80
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                            • Opcode ID: fcb664839de4dd38804f60d34437008ad17ddbe31ab89b143625d683ad7a88db
                                                                                                                                                                                                                                                                            • Instruction ID: 1bbc55236a69b873b0aab95332f398788c497a4c7045257afbfea28fb75739ed
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fcb664839de4dd38804f60d34437008ad17ddbe31ab89b143625d683ad7a88db
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B11EC326017069BD71ABF24DC46ABA73ECEF04310B1040BAF901DB141DB34ED448750
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
                                                                                                                                                                                                                                                                              • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
                                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00385B76,00000000,00000000,?), ref: 00385F05
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1c696b29bbef0a188baa418c0e135eed98ab61772c4527dc5cb42796c0f8a990
                                                                                                                                                                                                                                                                            • Instruction ID: 55c497e6ce45a8945461f322e3b2e918875d60af12b14d2f2220f1023e7884c9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c696b29bbef0a188baa418c0e135eed98ab61772c4527dc5cb42796c0f8a990
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1701D632A08712EBDB296A258C06BBA3759DB40755F1644A9EE42A7180EA70FE41C7D0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
                                                                                                                                                                                                                                                                              • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
                                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00385C0C,00000001,?,?,-00000050,?,00385712,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00385BF7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                            • Opcode ID: e68d352c5ed5d9139d94da030b1550a07c80ad1e1c8a2d61581733fd2b93fd10
                                                                                                                                                                                                                                                                            • Instruction ID: 410e8210c5e4222c4b4cf823db4b9c1ea503f9901fcc8c414586ab38dc5a51a3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e68d352c5ed5d9139d94da030b1550a07c80ad1e1c8a2d61581733fd2b93fd10
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76F0F6363047045FDB2A6F39D881A7ABB95EF81768F1684ADF9458B680D6B1AC01CB50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0037D047: EnterCriticalSection.KERNEL32(?,?,0037A841,00000000,0039B3D8,0000000C,0037A7FA,00001000,?,003817CA,00001000,?,003808B1,00000001,00000364,?), ref: 0037D056
                                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0038169A,00000001,0039B7F0,0000000C,003810A8,-00000050), ref: 003816DF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                            • Opcode ID: 84b876734eacef031e17aa38c1eb2d9d63ff4170c9ff68da385c9cc27ad80a97
                                                                                                                                                                                                                                                                            • Instruction ID: 338470c361236a6b0bf598a0b4e46d161601d48e3ae0284b79c8b3504b543d15
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84b876734eacef031e17aa38c1eb2d9d63ff4170c9ff68da385c9cc27ad80a97
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96F0493AA00204DFD722EF98E806B9DB7F8EB45721F00826AF414DB3A1D77A9900CF50

APIs
    • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
    • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
  • EnumSystemLocalesW.KERNEL32(00385D2C,00000001,?,?,?,0038576C,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00385D18
Memory Dump Source
  • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
  • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
  • API ID: ErrorLast$EnumLocalesSystem
  • String ID:
  • API String ID: 2417226690-0
  • Opcode ID: 795ac47ab440b7ab9ef2004eef814e66014a1d4ad0f564e55e4d5d5b924f988e
  • Instruction ID: 51c0aebcab91baa8cc2f6b6f70c7b21ae1f02a47811481f3593a942a38191610
  • Opcode Fuzzy Hash: 795ac47ab440b7ab9ef2004eef814e66014a1d4ad0f564e55e4d5d5b924f988e
  • Instruction Fuzzy Hash: E2F0E53A30070957CB16AF35D85966ABFA4EFC2710B074099EE058B290C6B1A846CB90

APIs
  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,0037BDA3,?,20001004,00000000,00000002,?,?,0037ACB5), ref: 003811E0
Memory Dump Source
  • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
  • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
  • API ID: InfoLocale
  • String ID:
  • API String ID: 2299586839-0
  • Opcode ID: a3b39442cbbb238531092bfab37a9bbdc659830500c0e8b9bae07499b5351f2f
  • Instruction ID: 779e1d888fdc582e6cb63081c9798daba10d942ac4a5ceed6a8ad8e1604503e7
  • Opcode Fuzzy Hash: a3b39442cbbb238531092bfab37a9bbdc659830500c0e8b9bae07499b5351f2f
  • Instruction Fuzzy Hash: FBE04F31500618BBCF233F61EC08A9E3F2EEF44760F014151FD0665120CB728A22ABD1

APIs
  • SetUnhandledExceptionFilter.KERNEL32(Function_00014188), ref: 0037406C
Memory Dump Source
  • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
  • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
  • API String ID: 3192549508-0
  • Opcode ID: cb1ffeea5b64431d3c923d3000556f12ba1eeca2125f493f51d57f70d74e7d9b
  • Instruction ID: 06e89681db2f5e60051a41c66158b0be7359beec967ad04e39f1508722f90633
  • Opcode Fuzzy Hash: cb1ffeea5b64431d3c923d3000556f12ba1eeca2125f493f51d57f70d74e7d9b
  • Instruction Fuzzy Hash:

APIs
Memory Dump Source
  • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
  • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
  • API ID: HeapProcess
  • String ID:
  • API String ID: 54951025-0
  • Opcode ID: ad8111bb70b6f2147b1d072b7aa074803f00d40c6073c0f9d585694ddf991f48
  • Instruction ID: 446a48d91bc9b7db0ea58214360a540bbe930376287ddfadb70371c20538f29b
  • Opcode Fuzzy Hash: ad8111bb70b6f2147b1d072b7aa074803f00d40c6073c0f9d585694ddf991f48
  • Instruction Fuzzy Hash: C8A00170601601CFD7428F3AAA496093AADAA4A791B4A816AA459C5164EA268494AF82

APIs
  • GetCPInfo.KERNEL32(0150FBE0,0150FBE0,00000000,7FFFFFFF,?,0038EDDD,0150FBE0,0150FBE0,00000000,0150FBE0,?,?,?,?,0150FBE0,00000000), ref: 0038EE98
  • __alloca_probe_16.LIBCMT ref: 0038EF53
  • __alloca_probe_16.LIBCMT ref: 0038EFE2
  • __freea.LIBCMT ref: 0038F02D
  • __freea.LIBCMT ref: 0038F033
  • __freea.LIBCMT ref: 0038F069
  • __freea.LIBCMT ref: 0038F06F
  • __freea.LIBCMT ref: 0038F07F
Memory Dump Source
  • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
  • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
  • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 127012223-0
                                                                                                                                                                                                                                                                            • Opcode ID: b2d861ceda3ecccfc1293bdc00af987b27e82558999fe61127d571aceb215233
                                                                                                                                                                                                                                                                            • Instruction ID: 490c950fdb73ad1aee07e93b4ab66fc9ceff8248bd2893bae76cc9f650e71698
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2d861ceda3ecccfc1293bdc00af987b27e82558999fe61127d571aceb215233
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6471C8B2904309AFDF33BEA48C41BAF77B9AF45350F1A41E5F904AB282D7759C418761
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 003745F0
• __alloca_probe_16.LIBCMT ref: 0037461C
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0037465B
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00374678
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003746B7
• __alloca_probe_16.LIBCMT ref: 003746D4
• LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00374716
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00374739
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ByteCharMultiStringWide$__alloca_probe_16
• String ID:
• API String ID: 2040435927-0
• Opcode ID: f7cb99bb1693f88c696c67cf24dee86c8a7c1a6493507d9349fe5bd5b6e7a33e
• Instruction ID: 1ea3068dd2257b48447434e204891f759213555cec3eb1fb61323c7226efcaa5
• Opcode Fuzzy Hash: f7cb99bb1693f88c696c67cf24dee86c8a7c1a6493507d9349fe5bd5b6e7a33e
• Instruction Fuzzy Hash: 3651E272600246AFEF364F64CC45FAB7BA9EF45740F168129F929EA190D738ED00CB60
APIs
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: _strrchr
• String ID:
• API String ID: 3213747228-0
• Opcode ID: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
• Instruction ID: 8254fc7ede93cdc816d746c9c412325d3b4edd1fdadb5dae9fdbd79bbdcd505c
• Opcode Fuzzy Hash: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
• Instruction Fuzzy Hash: 4DB17772A01355AFDB17AF68CC81BAE7BA5EF56B10F1541E5E804AF382D274DB01C7A0
APIs
• type_info::operator==.LIBVCRUNTIME ref: 0037FC43
• CallUnexpected.LIBVCRUNTIME ref: 0037FEBC
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: CallUnexpectedtype_info::operator==
• String ID: `#9$csm$csm$csm
• API String ID: 2673424686-492565039
• Opcode ID: 0940ef2abba5241a25e4feb2d148dbeb91bbffa00c726e9931527c4366cb6d8a
• Instruction ID: 0ef0c3ada1fc9d50432e95d1905feb6229ffa2009896f1d3177da6d54d8bae8a
• Opcode Fuzzy Hash: 0940ef2abba5241a25e4feb2d148dbeb91bbffa00c726e9931527c4366cb6d8a
• Instruction Fuzzy Hash: 74B17E75800209EFCF36DFA4C8819AEB7B5FF04310F11856AF8196B616D739DA51CBA1
APIs
• _ValidateLocalCookies.LIBCMT ref: 00375477
• ___except_validate_context_record.LIBVCRUNTIME ref: 0037547F
• _ValidateLocalCookies.LIBCMT ref: 00375508
• __IsNonwritableInCurrentImage.LIBCMT ref: 00375533
• _ValidateLocalCookies.LIBCMT ref: 00375588
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
APIs
• GetCurrentThreadId.KERNEL32 ref: 003738A2
• AcquireSRWLockExclusive.KERNEL32(?,?,?,0037386B,?,00000000,?,0036B20C,?,?,0036D57E), ref: 003738C1
• AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0037386B,?,00000000,?,0036B20C,?,?,0036D57E), ref: 003738EF
• TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0037386B,?,00000000,?,0036B20C,?,?,0036D57E), ref: 0037394A
• TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,0037386B,?,00000000,?,0036B20C,?,?,0036D57E), ref: 00373961
Strings
Similarity
• API ID: AcquireExclusiveLock$CurrentThread
• String ID: k87
• API String ID: 66001078-350348327
APIs
• FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB0EE090,?,00381508,003631F2,?,00000000,?), ref: 003814BA
Strings
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003747C1
• GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 003747CF
• GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 003747E0
Strings
Similarity
• API ID: AddressProc$HandleModule
• String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
• API String ID: 667068680-1047828073
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 642c75c03e6f90b0dc4662d7d047a2a4bff8435d94539461937e880ed4be1f6f
                                                                                                                                                                                                                                                                            • Instruction ID: dd438498bd606927daedfcc2be9dcf0d0d43b4d66ffc3f64f748fe65879b0d61
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 642c75c03e6f90b0dc4662d7d047a2a4bff8435d94539461937e880ed4be1f6f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B9B10470A04349AFDB17EFA8C885BBD7BB5BF4A304F1941DAE804AB292C7759D41CB50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0037F2A3,00374E61,003741CC), ref: 0037F2BA
                                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0037F2C8
                                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0037F2E1
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,0037F2A3,00374E61,003741CC), ref: 0037F333
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                            • Opcode ID: eaa9707d4a71d0ed9ed988362f58d540714c507f197076d5e368eb2c2f29a95b
                                                                                                                                                                                                                                                                            • Instruction ID: 9bc6318d8ba37566d8d11d2df5bef5a1e4b4421fc290f87205fb73a7cf355668
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eaa9707d4a71d0ed9ed988362f58d540714c507f197076d5e368eb2c2f29a95b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1001B13B21D7115EF63736B8BC8696B2A99FF06375B21423FF518491F2EF568C019240
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB0EE090,?,?,00000000,00390244,000000FF,?,0037A5FD,0037A4E4,?,0037A699,00000000), ref: 0037A571
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0037A583
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,00390244,000000FF,?,0037A5FD,0037A4E4,?,0037A699,00000000), ref: 0037A5A5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                            • Opcode ID: 89dbd7abe0307d1e4fca2342e982320f261f39dac2be0770bdb655c0f2a8b714
                                                                                                                                                                                                                                                                            • Instruction ID: 0dc77654bc30809e32894dabded088e824bbebdf189a1ee0fb98a74973b310ee
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89dbd7abe0307d1e4fca2342e982320f261f39dac2be0770bdb655c0f2a8b714
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4101A271A04A15AFCB139F50CC09FAEBBBCFB45B25F014626E815A22E0DB799900CE91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00381C52
                                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00381D1B
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00381D82
                                                                                                                                                                                                                                                                              • Part of subcall function 003804C1: RtlAllocateHeap.NTDLL(00000000,?,?,?,0037119F,?,?,003631F2,00001000,?,0036313A), ref: 003804F3
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00381D95
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00381DA2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1423051803-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5af4f82cd7027ad6436f7bfe07cf8e4a88bf1b2aa258f42ea25e58df6d1be3d9
                                                                                                                                                                                                                                                                            • Instruction ID: c5a6948c8ca248aaffc5be195ca1dcd080685f6f6c372dcd77c854e858bd87fa
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5af4f82cd7027ad6436f7bfe07cf8e4a88bf1b2aa258f42ea25e58df6d1be3d9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4951C572600306AFEB26BF64CC81EBB7BADEF44710B1645A9FD08DA151EB34DC168760
APIs
• __EH_prolog3.LIBCMT ref: 00371853
• std::_Lockit::_Lockit.LIBCPMT ref: 0037185E
• std::_Lockit::~_Lockit.LIBCPMT ref: 003718CC
  • Part of subcall function 00371755: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0037176D
• std::locale::_Setgloballocale.LIBCPMT ref: 00371879
• _Yarn.LIBCPMT ref: 0037188F
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
• String ID:
• API String ID: 1088826258-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0038AC9D,00000000,?,0039EFA0,?,?,?,0038ABD4,00000004,InitializeCriticalSectionEx,00394F0C,00394F14), ref: 0038AC0E
• GetLastError.KERNEL32(?,0038AC9D,00000000,?,0039EFA0,?,?,?,0038ABD4,00000004,InitializeCriticalSectionEx,00394F0C,00394F14,00000000,?,0038016C), ref: 0038AC18
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0038AC40
Strings
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID: api-ms-
• API String ID: 3177248105-2084034818
APIs
• GetConsoleOutputCP.KERNEL32(BB0EE090,00000000,00000000,?), ref: 003883C9
  • Part of subcall function 003805D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00381D78,?,00000000,-00000008), ref: 00380632
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0038861B
• WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00388661
• GetLastError.KERNEL32 ref: 00388704
Similarity
• API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
• String ID:
• API String ID: 2112829910-0
APIs
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
APIs
  • Part of subcall function 003805D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00381D78,?,00000000,-00000008), ref: 00380632
• GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 003861F6
• __dosmaperr.LIBCMT ref: 003861FD
• GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00386237
• __dosmaperr.LIBCMT ref: 0038623E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1913693674-0
                                                                                                                                                                                                                                                                            • Opcode ID: e8b64da1515bff249c539d1751534fd14ae6a51eb1cf0f4c5597af68b0052130
                                                                                                                                                                                                                                                                            • Instruction ID: 083ee13c3afd1a02b06a165bca678a656ae279b0a294a08c0113e35b9c37e361
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e8b64da1515bff249c539d1751534fd14ae6a51eb1cf0f4c5597af68b0052130
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0421D471600705AFDB32BFA1CC8692AB7ADFF40364711899DF9299B602D735EC00CBA0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 2b37928a99174f42ab3ca7fce8737fd9fc7d8576619a71c3ab2e280079f66f1f
                                                                                                                                                                                                                                                                            • Instruction ID: aaa69ceaa2b934d91e31f84ad8113c22179bb751f605857e913288b25fe4a03b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b37928a99174f42ab3ca7fce8737fd9fc7d8576619a71c3ab2e280079f66f1f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0219575208605AFAB33AF718881D6A77ACBF40364715C929FC1DDB651D738EC009BE0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00387590
                                                                                                                                                                                                                                                                              • Part of subcall function 003805D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00381D78,?,00000000,-00000008), ref: 00380632
                                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003875C8
                                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003875E8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 158306478-0
                                                                                                                                                                                                                                                                            • Opcode ID: f6d9e3dff9609fe104f76f5b846ea519cd22763c456bb7a6bb9e91e71c830ee7
                                                                                                                                                                                                                                                                            • Instruction ID: 8867eed2baed7b0d8c6f4e5cc2350766964f992a4aef41a35ceb8ccc3467349d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6d9e3dff9609fe104f76f5b846ea519cd22763c456bb7a6bb9e91e71c830ee7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE1144E1609B15BEA71733B65CC9C6F296DCF8A398B2104A5F901D6001FA68CD0147B5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00373296
                                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003732A0
                                                                                                                                                                                                                                                                              • Part of subcall function 00364360: std::_Lockit::_Lockit.LIBCPMT ref: 0036438E
                                                                                                                                                                                                                                                                              • Part of subcall function 00364360: std::_Lockit::~_Lockit.LIBCPMT ref: 003643B9
                                                                                                                                                                                                                                                                            • codecvt.LIBCPMT ref: 003732DA
                                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00373311
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3716348337-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0bd462d56de08ee16046c0ed04b7f4c83747894f5d62b93b3c86cb833cf534d0
• Instruction ID: 4de0f959edd37300f8c7ae4c6daa099dee5487ec9d1cd1057998dd8290bd5656
• Opcode Fuzzy Hash: 0bd462d56de08ee16046c0ed04b7f4c83747894f5d62b93b3c86cb833cf534d0
• Instruction Fuzzy Hash: 0901D63AD002199BDB27EBA4D8056AD7775AF85720F248509F4196F291DF39DE00C781
APIs
• WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,0038E59F,00000000,00000001,?,?,?,00388758,?,00000000,00000000), ref: 0038F0C7
• GetLastError.KERNEL32(?,0038E59F,00000000,00000001,?,?,?,00388758,?,00000000,00000000,?,?,?,0038809E,?), ref: 0038F0D3
  • Part of subcall function 0038F124: CloseHandle.KERNEL32(FFFFFFFE,0038F0E3,?,0038E59F,00000000,00000001,?,?,?,00388758,?,00000000,00000000,?,?), ref: 0038F134
• ___initconout.LIBCMT ref: 0038F0E3
  • Part of subcall function 0038F105: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0038F0A1,0038E58C,?,?,00388758,?,00000000,00000000,?), ref: 0038F118
• WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,0038E59F,00000000,00000001,?,?,?,00388758,?,00000000,00000000,?), ref: 0038F0F8
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
• Opcode ID: befa0b7543d67fab1192a156e15e6fe0d42eb93c7383bddc773cfe4bc159594d
• Instruction ID: 2116ad6e63b943402660ec4f892fdfdd6a80f53fbc95bd648c08e6ae76bc7316
• Opcode Fuzzy Hash: befa0b7543d67fab1192a156e15e6fe0d42eb93c7383bddc773cfe4bc159594d
• Instruction Fuzzy Hash: FAF0C936500629FFCF236FDADC0999A3F6AFF497A1F064561FA1899130D63388209BD1
APIs
• GetSystemTimeAsFileTime.KERNEL32(?), ref: 00374C22
• GetCurrentThreadId.KERNEL32 ref: 00374C31
• GetCurrentProcessId.KERNEL32 ref: 00374C3A
• QueryPerformanceCounter.KERNEL32(?), ref: 00374C47
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true (associated dump list identical to the one above)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
• Opcode ID: 22e96334f44892e6303934bbe49abd79a2480d456e3f31e55ed3837d4fb6c373
• Instruction ID: 88c9176dfe85a8f2d96e7ee3d697fa98be92a2821e608f6687941392ed1fc8e2
• Opcode Fuzzy Hash: 22e96334f44892e6303934bbe49abd79a2480d456e3f31e55ed3837d4fb6c373
• Instruction Fuzzy Hash: F7F0B230D0020CEBCB01DBB4C94998EBBF8FF1D300F924A96A412E7110E734AB449F91
APIs
  • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
  • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
• GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,0037AB4D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00384E31
• IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,0037AB4D,?,?,?,00000055,?,-00000050,?,?), ref: 00384E68
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true (associated dump list identical to the one above)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ErrorLast$CodePageValid
• String ID: utf8
• API String ID: 943130320-905460609
• Opcode ID: 4120005bdd1938027c74f34bfed4b8f32aba6428a8579e11b6fc6bc583c7ccd9
• Instruction ID: 693d8000c960c7779180c2b560b022b38543b3d42fb40b67df875b71e42f76e2
• Opcode Fuzzy Hash: 4120005bdd1938027c74f34bfed4b8f32aba6428a8579e11b6fc6bc583c7ccd9
• Instruction Fuzzy Hash: 5651C631A04703AAEB27BB75CC86BA673A8FF45700F1544AEF645DB981F770E94087A1
APIs
• EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0037FE49,?,?,00000000,00000000,00000000,?), ref: 0037FF6D
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true (associated dump list identical to the one above)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
Similarity
• API ID: EncodePointer
• String ID: MOC$RCC
• API String ID: 2118026453-2084237596
• Opcode ID: 5f09780507390f0e69a64c951388fc43d2c593acedfbb9c5dfdb3bc1d0359fa3
• Instruction ID: a032666ebfbeaf6c6e61dd29814c4a49939675e9e3ae4c84f08e4a1b0f679ebc
• Opcode Fuzzy Hash: 5f09780507390f0e69a64c951388fc43d2c593acedfbb9c5dfdb3bc1d0359fa3
• Instruction Fuzzy Hash: 94417E72900209AFCF2ADFA4CD41AEEBBB5FF48300F1580A9F9086B211D7399950DF51
APIs
• ___except_validate_context_record.LIBVCRUNTIME ref: 0037FA2B
Strings
Memory Dump Source
• Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                                                                                            • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                                                            • Opcode ID: 8dcd6917cac980bac4e3ca9a1e615391de348fc1e311f4b2d37507c30d95e1d7
                                                                                                                                                                                                                                                                            • Instruction ID: 9d7f37180fbf20369bec7d8506fb2b92ca4abe829b1a5d417920b7ab27b13991
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8dcd6917cac980bac4e3ca9a1e615391de348fc1e311f4b2d37507c30d95e1d7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D031CF72500209AFCF339F50D8549AA7B69FB08315B19C17AF85C4A222D33ACCA1DF91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0037200A
                                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?), ref: 0037202F
                                                                                                                                                                                                                                                                              • Part of subcall function 00374D23: RaiseException.KERNEL32(E06D7363,00000001,00000003,00373ADE,?,?,?,?,00373ADE,00001000,0039AE2C,00001000), ref: 00374D84
                                                                                                                                                                                                                                                                              • Part of subcall function 0037D2B9: IsProcessorFeaturePresent.KERNEL32(00000017,00377E7B,?,?,?,?,00000000), ref: 0037D2D5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                            • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                                                            • Opcode ID: 98d0ef06eff63c2dde43a4863884ed5b2da3a84099e56cea24c480234f91be3c
                                                                                                                                                                                                                                                                            • Instruction ID: 65376395ae2023b4f2d8a02b170789dedb8e7d74064bdf27ca622a3c19c1e8b5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98d0ef06eff63c2dde43a4863884ed5b2da3a84099e56cea24c480234f91be3c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA21BE32D002189BCF36DFA8D9819AEB3B8BF04710F15850AE909AF250D738AE45CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000002,00000000,6,?,?,003719BC,?,?,0037198D,?,?,?,0036E1E1), ref: 00371A05
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000007.00000002.3074101230.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3072697042.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3076289496.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3077226676.000000000039C000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3078128510.000000000039D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3079414111.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3081912044.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000007.00000002.3088977531.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                                                                                                                            • String ID: MZx$6
                                                                                                                                                                                                                                                                            • API String ID: 4139908857-3334924336
                                                                                                                                                                                                                                                                            • Opcode ID: 1f00063df124b7dc65b27a93039e6f7525528a88d0aa4f304e1ae1fb0a1c39e3
                                                                                                                                                                                                                                                                            • Instruction ID: 6032582f8229ef9e22a8d3c04c9f094ba5dce90644fe5944f4373f9ac2fe500f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f00063df124b7dc65b27a93039e6f7525528a88d0aa4f304e1ae1fb0a1c39e3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61D02B32700204F6DB2287548D0BF9EB2EC8B40785F1080559102D50C0C2B0CB40D150

                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                            Execution Coverage:4.8%
                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                            Signature Coverage:49.1%
                                                                                                                                                                                                                                                                            Total number of Nodes:265
                                                                                                                                                                                                                                                                            Total number of Limit Nodes:18
439265 34272->34275 34273 4392be 34274 439130 RtlFreeHeap 34273->34274 34274->34269 34275->34273 34278 43aab0 LdrInitializeThunk 34275->34278 34277->34270 34278->34273

Control-flow Graph
APIs
• CoCreateInstance.OLE32(0044068C,00000000,00000001,0044067C,00000000), ref: 0043660D
• SysAllocString.OLEAUT32(5C045A0B), ref: 00436692
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004366D7
• SysAllocString.OLEAUT32(74A272A6), ref: 0043676A
• SysAllocString.OLEAUT32(C783C597), ref: 0043683A
• VariantInit.OLEAUT32(A2A1A0D7), ref: 004368AC
• GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00436A58
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: AllocString$BlanketCreateInformationInitInstanceProxyVariantVolume
• String ID: 45$?jYl$C$VG$Z)u+$mn$mn$n-g/
• API String ID: 1810270423-701845885
• Opcode ID: 4ad55e56cfb6c4d5a0ac7f0891fce7aa64591192da55a350065a48e26ca34efa
• Instruction ID: 67e3ab90fbb55050b83ff511dd6b3c3963a5408760194a0d2960a75ce1ec41a1
• Opcode Fuzzy Hash: 4ad55e56cfb6c4d5a0ac7f0891fce7aa64591192da55a350065a48e26ca34efa
• Instruction Fuzzy Hash: F802ED71608341AFD314DF24C881B6BBBE6EFCA714F24C92DE1959B291D738D80ACB56

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID:
• String ID: *W/Y$+K%M$3[2]$:_/A$IJ$O'K)$a<c>
• API String ID: 0-2559717322
• Opcode ID: 48e9b0df01243e763ab745ea83c63c7195619ddafca1e12efba534bfc1cbf822
• Instruction ID: 0c487e9e3b9aefff8e68a2fdad061e46caa87b058bf2632cc34328a3e7ef8eeb
• Opcode Fuzzy Hash: 48e9b0df01243e763ab745ea83c63c7195619ddafca1e12efba534bfc1cbf822
• Instruction Fuzzy Hash: EBE1FCB6608350CFC310DF65E88126BBBE1EF96304F55892DE9958B310E7B8D905CB9B

Control-flow Graph
APIs
• FreeLibrary.KERNEL32(?), ref: 0042AA5D
• GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042AA97
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: ComputerFreeLibraryName
• String ID: UXT.$gx$yYSW
• API String ID: 2904949787-375554135
• Opcode ID: 5f99cd8f8dd6eafbd471ee68844798b9fc772cc32bb9061cda1094a94f7c6169
• Instruction ID: 1dadec6a0bc507496f818bff9d64e7bad80a934978026e92cc98925d303d69d6
• Opcode Fuzzy Hash: 5f99cd8f8dd6eafbd471ee68844798b9fc772cc32bb9061cda1094a94f7c6169
• Instruction Fuzzy Hash: FAD1EF6060C3D18BD7358B3598507ABBBE1AF97304F58889ED5C9A7283D739480ACB67

Control-flow Graph
APIs
• GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042AA97
• GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042AB72
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: ComputerName
                                                                                                                                                                                                                                                                            • String ID: UXT.$gx$yYSW
                                                                                                                                                                                                                                                                            • API String ID: 3545744682-375554135
                                                                                                                                                                                                                                                                            • Opcode ID: af107c7b1bc259f735e4369839b7e80fb91f86eba2e22af7052b33d77afa4a01
                                                                                                                                                                                                                                                                            • Instruction ID: 8900905054eb6be05a603bebf275e59dff5410cdf85dca3e1e626c4f2581f8bf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af107c7b1bc259f735e4369839b7e80fb91f86eba2e22af7052b33d77afa4a01
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23B1FF2060C3D18BD7258F3598507ABBBE1AF97344F58889ED5C99B283C739450ACB6B

Control-flow Graph
control_flow_graph 612 408760-408771 call 43a500 615 408777-40877e call 433270 612->615 616 4088cc-4088ce ExitProcess 612->616 619 408784-4087a8 GetCurrentProcessId GetCurrentThreadId 615->619 620 4088c7 call 43aa30 615->620 622 4087aa 619->622 623 4087ac-408809 SHGetSpecialFolderPathW GetForegroundWindow 619->623 620->616 622->623 624 4088a3-4088bb call 409a10 623->624 625 40880f-4088a1 623->625 624->620 628 4088bd call 40c580 624->628 625->624 630 4088c2 call 40b3e0 628->630 630->620
APIs
• GetCurrentProcessId.KERNEL32 ref: 00408784
• GetCurrentThreadId.KERNEL32 ref: 0040878D
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004087EC
• GetForegroundWindow.USER32 ref: 00408801
• ExitProcess.KERNEL32 ref: 004088CE
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0
• Opcode ID: 4a5684cab7a0e4bdca8710a94a42124563d18bb80f3ac4a13f85422a1dac580d
• Instruction ID: 77a33c71830c9bed1eca70cbc4cf659eaf0ca584cd369f95988227e65177acaa
• Opcode Fuzzy Hash: 4a5684cab7a0e4bdca8710a94a42124563d18bb80f3ac4a13f85422a1dac580d
• Instruction Fuzzy Hash: A3316B77B502180BD718BFB48C973AAB6968BC4304F0A813E6D85EB3C1ED7C9C0886C5

Control-flow Graph
control_flow_graph 632 40d4c5-40d4ea call 409580 CoUninitialize 635 40d4f0-40d50d 632->635 635->635 636 40d50f-40d51e 635->636 637 40d520-40d542 636->637 637->637 638 40d544-40d583 637->638 639 40d590-40d5a2 638->639 639->639 640 40d5a4-40d5ac 639->640 641 40d5cb-40d5d3 640->641 642 40d5ae-40d5b7 640->642 644 40d5d5-40d5d9 641->644 645 40d5ed 641->645 643 40d5c0-40d5c9 642->643 643->641 643->643 646 40d5e0-40d5e9 644->646 647 40d5f0-40d5f8 645->647 646->646 648 40d5eb 646->648 649 40d5fa-40d5ff 647->649 650 40d60d 647->650 648->647 651 40d600-40d609 649->651 652 40d610-40d618 650->652 651->651 653 40d60b 651->653 654 40d61a-40d61f 652->654 655 40d62d 652->655 653->652 656 40d620-40d629 654->656 657 40d630-40d638 655->657 656->656 658 40d62b 656->658 659 40d63a-40d63f 657->659 660 40d64b-40d657 657->660 658->657 661 40d640-40d649 659->661 662 40d671-40d726 660->662 663 40d659-40d65b 660->663 661->660 661->661 665 40d730-40d752 662->665 664 40d660-40d66d 663->664 664->664 666 40d66f 664->666 665->665 667 40d754-40d76f 665->667 666->662 668 40d770-40d782 667->668 668->668 669 40d784-40d7d9 call 40b410 call 409580 CoUninitialize 668->669 674 40d7e0-40d7fd 669->674 674->674 675 40d7ff-40d812 674->675 676 40d820-40d83c 675->676 676->676 677 40d83e-40d87f 676->677 678 40d880-40d892 677->678 678->678 679 40d894-40d89f 678->679 680 40d8a1-40d8a4 679->680 681 40d8bb-40d8c3 679->681 682 40d8b0-40d8b9 680->682 683 40d8e0 681->683 684 40d8c5-40d8c9 681->684 682->681 682->682 685 40d8e3-40d8eb 683->685 686 40d8d0-40d8d9 684->686 687 40d910-40d913 685->687 688 40d8ed-40d8f6 685->688 686->686 689 40d8db 686->689 691 40d916-40d921 687->691 690 40d900-40d909 688->690 689->685 690->690 692 40d90b 690->692 693 40d923-40d924 691->693 694 40d93b-40d943 691->694 692->691 695 40d930-40d939 693->695 696 40d945-40d948 694->696 697 40d95b-40d967 694->697 695->694 695->695 698 40d950-40d959 696->698 699 40d981-40da47 697->699 700 40d969-40d96b 697->700 698->697 698->698 701 40da50-40da6e 699->701 702 40d970-40d97d 700->702 701->701 703 40da70-40da93 701->703 702->702 704 40d97f 702->704 705 40daa0-40dab2 703->705 704->699 705->705 706 40dab4-40dae7 call 40b410 705->706
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: Uninitialize
• String ID: Z^\$$discokeyus.lat
• API String ID: 3861434553-1007405290
• Opcode ID: a01fd8f87f26d3d816f1489fecb99da8441a4692f313b6bc4dccc3dd5f847be8
• Instruction ID: 3353da60549ac53eb5a42772c14460b5de988c874ace14de65c709a5006177b6
• Opcode Fuzzy Hash: a01fd8f87f26d3d816f1489fecb99da8441a4692f313b6bc4dccc3dd5f847be8
• Instruction Fuzzy Hash: 4702C0B4508B819FD326CF79C490622BFA1BF57304718869DC4D65BB92C376A80BCF95

Control-flow Graph
control_flow_graph 709 42b299-42b2bf 710 42b2c0-42b2f0 709->710 710->710 711 42b2f2-42b2fe 710->711 712 42b300-42b309 711->712 713 42b31b-42b32b 711->713 714 42b310-42b319 712->714 715 42b341-42b3a1 call 43c7c0 call 41c920 713->715 716 42b32d-42b32f 713->716 714->713 714->714 724 42b3b0-42b3d9 715->724 717 42b330-42b33d 716->717 717->717 719 42b33f 717->719 719->715 724->724 725 42b3db-42b40b 724->725 726 42b410-42b42d 725->726 726->726 727 42b42f-42b439 726->727 728 42b45b-42b463 727->728 729 42b43b-42b442 727->729 731 42b465-42b466 728->731 732 42b47b-42b488 728->732 730 42b450-42b459 729->730 730->728 730->730 733 42b470-42b479 731->733 734 42b48a-42b491 732->734 735 42b4ab-42b4f6 732->735 733->732 733->733 736 42b4a0-42b4a9 734->736 737 42b500-42b548 735->737 736->735 736->736 737->737 738 42b54a-42b554 737->738 739 42b556-42b55f 738->739 740 42b56b-42b575 738->740 743 42b560-42b569 739->743 741 42b577-42b57b 740->741 742 42b58b-42b63f 740->742 744 42b580-42b589 741->744 745 42b640-42b671 742->745 743->740 743->743 744->742 744->744 745->745 746 42b673-42b67f 745->746 747 42b681-42b683 746->747 748 42b69b-42b6a7 746->748 749 42b690-42b699 747->749 750 42b6c1-42b70f call 43c7c0 GetPhysicallyInstalledSystemMemory call 41c920 748->750 751 42b6a9-42b6ab 748->751 749->748 749->749 757 42b714-42b72f 750->757 752 42b6b0-42b6bd 751->752 752->752 754 42b6bf 752->754 754->750 758 42b730-42b759 757->758 758->758 759 42b75b-42b78b 758->759 760 42b790-42b7ad 759->760 760->760 761 42b7af-42b7b9 760->761 762 42b7e0 761->762 763 42b7bb-42b7c6 761->763 765 42b7e4-42b7ec 762->765 764 42b7d0-42b7d9 763->764 764->764 766 42b7db 764->766 767 42b7fb-42b808 765->767 768 42b7ee-42b7ef 765->768 766->765 770 42b80a-42b811 767->770 771 42b82b-42b876 767->771 769 42b7f0-42b7f9 768->769 769->767 769->769 773 42b820-42b829 770->773 772 42b880-42b8c8 771->772 772->772 774 42b8ca-42b8d8 772->774 773->771 773->773 775 42b8da-42b8e1 774->775 776 42b8fb-42b905 774->776 777 42b8f0-42b8f9 775->777 778 42b907 776->778 779 42b91b-42b9af 776->779 777->776 777->777 780 42b910-42b919 778->780 780->779 780->780
APIs
• GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042B6F4
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: InstalledMemoryPhysicallySystem
• String ID: ]Ey"$fb8o
• API String ID: 3960555810-2620436900
• Opcode ID: d2d7c777c158c13a6f2eb2385bada538994fc22ae8f6f668b927d4a2ed2f27eb
• Instruction ID: 1a29b2663a6d1e3d4bc50f7d2f98f59186f85f8d55af297ffebb30dde5549efa
• Opcode Fuzzy Hash: d2d7c777c158c13a6f2eb2385bada538994fc22ae8f6f668b927d4a2ed2f27eb
• Instruction Fuzzy Hash: 8902F27060C3D18BD725CF2990607ABBBE1EFD6304F18496EE4C99B382D7398546CB96

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 781 431705-4317e6 call 413ce0 GetSystemMetrics * 2 789 4317ed-43187e 781->789
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
Strings
Similarity
• API ID:
• String ID: qvA
• API String ID: 0-3536614403
APIs
• LdrInitializeThunk.NTDLL(0043CF3B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043AADE
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Strings
Similarity
• API ID: InitializeThunk
• String ID: @
• API String ID: 2994545307-2766056989
Strings
Similarity
• API ID: InitializeThunk
• String ID: @
• API String ID: 2994545307-2766056989
Strings
Similarity
• API ID: InitializeThunk
• String ID: @
• API String ID: 2994545307-2766056989
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5e2af9d3321cbaf144e987a67f87d20a1b59f285fe87837813851281f8b49d08
                                                                                                                                                                                                                                                                            • Instruction ID: 1c99654b7c5864b61d1c28b7cc8ffbcfd2e27d6f0ce15f84ea81510a269ac3b3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e2af9d3321cbaf144e987a67f87d20a1b59f285fe87837813851281f8b49d08
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1415CB6B187644BD3289EE998C13277292FBD9318F2E963DDE9957392D3648C0043C9
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                            • Opcode ID: aee970ee838a1fdb58a3742c1897fbe9d449a8df9f67038e79a11246790c3021
                                                                                                                                                                                                                                                                            • Instruction ID: b4e1bb7e215930cdc019edef3399d101ba1e86b8975554ee20e3df62ea8e34a5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aee970ee838a1fdb58a3742c1897fbe9d449a8df9f67038e79a11246790c3021
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD310834B053005FE7144B28EC81B7BB7E5EB9A714F24562EE585A3391D234EC61C74A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 5172836a56d6eaf73f5791cf67322ffa60ca432f6c95cf358b86109dd8d3486b
                                                                                                                                                                                                                                                                            • Instruction ID: da48827ae10236048bde58a6fa6a76e17a0f8748d1ffb476d9ec44dba04300d3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5172836a56d6eaf73f5791cf67322ffa60ca432f6c95cf358b86109dd8d3486b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1421FF357093409FC3149F28DC823ABBBE2DBD6318F94692CE5D5973A2C5B4D8069B4A
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000002), ref: 0040C5AA
                                                                                                                                                                                                                                                                            • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C6F4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Initialize
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2538663250-0
                                                                                                                                                                                                                                                                            • Opcode ID: 14a6c1dfbf3e26469eed638b0aaa314f588d997576ceedd13725b72c0cbf942b
                                                                                                                                                                                                                                                                            • Instruction ID: 4e1a100a13211c5d3ae73b2a88ee96bd49f7fb81698c98e563bdc7523732f142
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14a6c1dfbf3e26469eed638b0aaa314f588d997576ceedd13725b72c0cbf942b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7241C7B4C10B40AFD370EF399A0B7137EB4AB05254F504B1EF9EA866D4E631A4198BD7
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C757
                                                                                                                                                                                                                                                                            • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C772
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeSecurity
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 640775948-0
                                                                                                                                                                                                                                                                            • Opcode ID: e0b9aed54267f221c5c4497be90b75d15376a43e0ebf911ba075d5061d90f8f3
                                                                                                                                                                                                                                                                            • Instruction ID: 4efd521cb835fd9462162e9d2cf38e4035d5a68a0a1a7f5ca4642bf8e6032d07
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e0b9aed54267f221c5c4497be90b75d15376a43e0ebf911ba075d5061d90f8f3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00E017387C83007AF6794F40EC17F243622AB83F22F704314B3213E2E886E03105891D
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B288,00000000,00000001), ref: 0043AA82
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            • Opcode ID: 10a9372251ced5d23f88fb33e87b8f937b116e052609dcd83eed36fadad0be87
                                                                                                                                                                                                                                                                            • Instruction ID: f372461160a3ba5970fa5d6a03685fb3d03a40a4562951e738266f8d841aac8f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10a9372251ced5d23f88fb33e87b8f937b116e052609dcd83eed36fadad0be87
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6E02B36514211BFCA016B29BC06A1B37A8DF8B730F060836F441A2111DA38E811C5AF
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: BlanketProxy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3890896728-0
                                                                                                                                                                                                                                                                            • Opcode ID: e1df18a00371aef941c651020623f7b5d5642121261b3414df7d026dfa1bd4cf
                                                                                                                                                                                                                                                                            • Instruction ID: 74e542448eba8a93d2ef3a55d6f1ac1eca5b0e5edeeac5966ab249d7700e73b8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1df18a00371aef941c651020623f7b5d5642121261b3414df7d026dfa1bd4cf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44F0F4716087028FE301CF24C59835BBBE2BBC9314F16892CE0A45B354C7B5E9498FC2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: BlanketProxy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3890896728-0
                                                                                                                                                                                                                                                                            • Opcode ID: 25a8433d6077cd415cd983f350434e04cc17268b215967d9fd44bab74db72ecb
                                                                                                                                                                                                                                                                            • Instruction ID: 68165b70bfd33716cdda4f40f48016cd5748050c970ae5de9c8f83468294c59a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25a8433d6077cd415cd983f350434e04cc17268b215967d9fd44bab74db72ecb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81F0A4756093418FE311DF25C55975BBBE1BBC4308F25891CE4944B290C7B5A5498FC2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,00000000,?,0043AA9B,?,0040B288,00000000,00000001), ref: 00439151
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                            • Opcode ID: d1245e51f4d933cfd9ec176b2050ed85032a3bd9db358e8851953e50ee267f6c
                                                                                                                                                                                                                                                                            • Instruction ID: bf25621c216e80aa75f1419199000b04fd291d607baa8f3ccaf1e2363919b0b1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1245e51f4d933cfd9ec176b2050ed85032a3bd9db358e8851953e50ee267f6c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FDD01731409221EBCB102F58BC016CA3B64EF0A321F0748A6F8006A075CA358891CB9A
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetUserDefaultUILanguage.KERNELBASE ref: 00434623
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DefaultLanguageUser
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 95929093-0
                                                                                                                                                                                                                                                                            • Opcode ID: b9bb871650b890861425900a7b617f77fcecf451138fe0396178464e42e5b484
                                                                                                                                                                                                                                                                            • Instruction ID: c9864e16ae59771b51b7984cdc9b2e5d9f7f7ccf34f2518139ae5690911d8640
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9bb871650b890861425900a7b617f77fcecf451138fe0396178464e42e5b484
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05E01A79A151168FC754EF28D991A687BF0AF4D705F4100AEE44AE7250EB3059809F51
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,00000000,?,?,0043AA90), ref: 00439120
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4d5223becddd1ee7afd0ebd8655b7adea85623b00fc54531f3d1029bd4836392
                                                                                                                                                                                                                                                                            • Instruction ID: a51812e067616a6d9a44cd00795a97b8a2e36f518c89a2deb0f36a2ec376c4fe
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d5223becddd1ee7afd0ebd8655b7adea85623b00fc54531f3d1029bd4836392
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46C09B31055121ABC6102B15FC05FC63F58DF45361F054455F40477071C760AC81C7D8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 34$6YAL$ASVu$N[IY$TU$[0W2$l$r{qt$z`B
                                                                                                                                                                                                                                                                            • API String ID: 0-3839753537
                                                                                                                                                                                                                                                                            • Opcode ID: dd1584c77e830c0eeac3f2e348f92e18ba69b08daf4c5e3de6aa0b9483b90ec0
                                                                                                                                                                                                                                                                            • Instruction ID: 783449535d1b90a0855ceb81c27650a1b8e6cacaed21d2d8abbf0ff5583a39d5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd1584c77e830c0eeac3f2e348f92e18ba69b08daf4c5e3de6aa0b9483b90ec0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68E12FB560C3508BD320DF65E84276BBBE2FBD2304F45882DE5C58B361DB789905CB9A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: !$"9+!$#$'%9$$042:$1-34$<5%"$LG$WV$xVV]|$|
                                                                                                                                                                                                                                                                            • API String ID: 0-2448962107
                                                                                                                                                                                                                                                                            • Opcode ID: 9a752688e17dec5b4f8023c1df289e793b18aa519799bc8747e2f206e404ed0f
                                                                                                                                                                                                                                                                            • Instruction ID: fbbaf9226e3b192056be0245cdabb9834f0a949d659d24b1dfb442df81301533
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a752688e17dec5b4f8023c1df289e793b18aa519799bc8747e2f206e404ed0f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 04B1E37164C3819FC3168F29849076BBFE0AF97344F4849ADE4D59B382D239C906CB9A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
Similarity
• API ID:
• String ID: !A,C$%E4G$1IJK$2qB$2qB$G5U7$W9H;$X=}?$t1[3
• API String ID: 0-547751609
• Opcode ID: 825d617d40c12177756e69bfe9bb547412c0146995124a48825e9bda62298f3e
• Instruction ID: e66c82b64b1499b1cfb501323437cdd907afed9e35dd3221fd61de41019153bb
• Opcode Fuzzy Hash: 825d617d40c12177756e69bfe9bb547412c0146995124a48825e9bda62298f3e
• Instruction Fuzzy Hash: 0AD1F37160C3518BD724CF24D8527ABB7F1EFC6304F45892DE4959B381DB789A0ACB8A
APIs
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockOpenUnlock
• String ID:
• API String ID: 1006321803-0
• Opcode ID: 7a5e64b4adff615461d99535ed0619398c95e3c77bc191fa98b8a9ede4e318dc
• Instruction ID: 530e8bd4a596cf230c2a4839fedd7a14e9a373bc241cb4b2c9a3daa8db77aad9
• Opcode Fuzzy Hash: 7a5e64b4adff615461d99535ed0619398c95e3c77bc191fa98b8a9ede4e318dc
• Instruction Fuzzy Hash: D95125B1D086918FD700ABB8C54936FBFE0AB06314F04867ED9A997291D33CA558C7A7
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID:
• String ID: /37)$09CDF4F35E131319E9E2F0D64B3B48BA$:;$;$M$\e_f$lY`U
• API String ID: 0-3520754755
• Opcode ID: 9bd2be50993764d2d2b9b61a8ff76ca0608ea4ca6995cd6b58b03629dcfac725
• Instruction ID: 243afdaea8f09e7dbc1359cd46d4311f40fc2501b71688d54a50c8194030eeaf
• Opcode Fuzzy Hash: 9bd2be50993764d2d2b9b61a8ff76ca0608ea4ca6995cd6b58b03629dcfac725
• Instruction Fuzzy Hash: EDB1F3B260C3408BD714DF25C85166FBBE6EBD2314F18892DE5D19B382DA39C909CB5A
APIs
• GetLocaleInfoW.KERNEL32(?,2000000B,003857A4,00000002,00000000,?,?,?,003857A4,?,00000000), ref: 00385E6C
• GetLocaleInfoW.KERNEL32(?,20001004,003857A4,00000002,00000000,?,?,?,003857A4,?,00000000), ref: 00385E95
• GetACP.KERNEL32(?,?,003857A4,?,00000000), ref: 00385EAA
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: InfoLocale
• String ID: ACP$OCP
• API String ID: 2299586839-711371036
• Opcode ID: 03f94f948463e14df3749c956c333360f2b361826485af0f1ee168c7e2116765
• Instruction ID: 434ebc21d4be08bc6fb508de33544b34d3d89818b395140f599a637df76d5d00
• Opcode Fuzzy Hash: 03f94f948463e14df3749c956c333360f2b361826485af0f1ee168c7e2116765
• Instruction Fuzzy Hash: 7A219536601B00AADB37AF54CD00AD773AAEB54F55B5784A4E90AE7500E732FF40C390
APIs
  • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
  • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
• GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00385776
• IsValidCodePage.KERNEL32(00000000), ref: 003857B4
• IsValidLocale.KERNEL32(?,00000001), ref: 003857C7
• GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0038580F
• GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0038582A
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
• String ID:
• API String ID: 415426439-0
• Opcode ID: ea9b040ac73d7af57e5bab73cb695c4d61d77b773f5676f6743d6c73aae08751
• Instruction ID: c481caaf40ec89236088e8190964e5188bec2ac55dae1a15442f95b2cefe048c
• Opcode Fuzzy Hash: ea9b040ac73d7af57e5bab73cb695c4d61d77b773f5676f6743d6c73aae08751
• Instruction Fuzzy Hash: 3D515E71A01B09EFEF12EFA4CC41AAE77B8BF04701F1544EAB951EB191E770DA448B61
APIs
  • Part of subcall function 0043AAB0: LdrInitializeThunk.NTDLL(0043CF3B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043AADE
• FreeLibrary.KERNEL32(?), ref: 00418DDD
• FreeLibrary.KERNEL32(?), ref: 00418E5E
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: FreeLibrary$InitializeThunk
• String ID: l
• API String ID: 764372645-2517025534
• Opcode ID: c943a0464b6adbced3352b2cf38f9b9b605f207909f1c079a9d476354aeeb27f
• Instruction ID: 446c1a239736a9c675d5d309e2a1864471b60c1e64c44baf205e04d5173a9a97
• Opcode Fuzzy Hash: c943a0464b6adbced3352b2cf38f9b9b605f207909f1c079a9d476354aeeb27f
• Instruction Fuzzy Hash: C48214747483419BE714CB64C890B7BBBE2EBD5300F28893EE5858B391D7799C81CB5A
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                                            • Instruction ID: 7e6557abdd456f64029347f27bdea27bbef011d2fca6ec7af6c1c070837202c2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB022B75E012199FDF25CFA8D8806AEFBF1FF48314F2582A9D519AB340D735A941CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003864A5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3ff91c9b534f0ca17cdfd3a12aa1ba3afa6cb291c588956bc104a6ad2b40eb03
                                                                                                                                                                                                                                                                            • Instruction ID: 560474db1258a47c1393a91b3545e07a170290bd1aa19fa0aa96ebd12eab8271
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ff91c9b534f0ca17cdfd3a12aa1ba3afa6cb291c588956bc104a6ad2b40eb03
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE71E7B1D452689FDF22BF38CC9AAFEBBB9AB05300F5541D9E04997211DB358E848F10
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 9674$KFMB$^^G@$s
                                                                                                                                                                                                                                                                            • API String ID: 0-3660127563
                                                                                                                                                                                                                                                                            • Opcode ID: 27874dbce567111c3f219e210b23f0667ac252a5f79d29e450b7d961ab3544b2
                                                                                                                                                                                                                                                                            • Instruction ID: 76d9ab5ad4098dda426dfb07134c23fb05dbd0921d90cf3e2529e81e57764f13
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27874dbce567111c3f219e210b23f0667ac252a5f79d29e450b7d961ab3544b2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22725BB150C3518FC725CF28C8806AFBBE1AF95304F088A6EE8D59B392D739D946C756
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0037407F
                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0037414B
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00374164
                                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0037416E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6ff7842239ee9178bae07003b2f132ae7107738f06e9a4d873530e0a72a6f0e8
                                                                                                                                                                                                                                                                            • Instruction ID: 7180e4d1162a673840542c49a51d01403f52824f512a90ceefb32bf6c7809407
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ff7842239ee9178bae07003b2f132ae7107738f06e9a4d873530e0a72a6f0e8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7031E875D012289BDF21EFA4D9497CDBBB8AF08300F1041AAE50DAB250EB759B85DF85
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 9<zy$[\$lQ$p
                                                                                                                                                                                                                                                                            • API String ID: 0-3285090289
                                                                                                                                                                                                                                                                            • Opcode ID: 8da46fa69c16ba17454d167adf42fd31aacdbf41d8eb6d6d7a4da512c8414f0d
                                                                                                                                                                                                                                                                            • Instruction ID: 9de19169ae5d95a46d5a624b7b8d321debce3d87862d3af00a80f8430ff992d7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8da46fa69c16ba17454d167adf42fd31aacdbf41d8eb6d6d7a4da512c8414f0d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1B12A7164C3804BE314CF69845166FBBE1EFD1304F18893DE4D56B381D6798906DB8B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Bu$C`$discokeyus.lat${H
                                                                                                                                                                                                                                                                            • API String ID: 0-2440231683
                                                                                                                                                                                                                                                                            • Opcode ID: a182e69332825a3e4eea6f41208f8f6e83a12f24b741bbd07f32295aa3dc9455
                                                                                                                                                                                                                                                                            • Instruction ID: 114d197532c6d9a5bddf29eb5ce939d555a84e3df70591cafa127d411ad043be
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a182e69332825a3e4eea6f41208f8f6e83a12f24b741bbd07f32295aa3dc9455
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE910EB5604B81CFD725CF29C580562BBA2FF8630471882ADC4D2AFB56C739F416CB94
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: nlmn$}A$
                                                                                                                                                                                                                                                                            • API String ID: 0-3467081281
                                                                                                                                                                                                                                                                            • Opcode ID: 3d2ec27261f817495e18cad4f8584d9b173e532b0ff42de0991e2b01461aa2b6
                                                                                                                                                                                                                                                                            • Instruction ID: 549473099d5b31f7e2affd1b31b2bdea4936e586793accb9afc262e58f72c6ab
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d2ec27261f817495e18cad4f8584d9b173e532b0ff42de0991e2b01461aa2b6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66F1467560D3819FD724CF28D8857AFB7E2AB86304F158A3DE4D987391D7389841CB8A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: GW$[T$^P
                                                                                                                                                                                                                                                                            • API String ID: 0-3161713602
                                                                                                                                                                                                                                                                            • Opcode ID: 82a1a1d3a27d4707250773402e9a19911499a81c1499624d5d1d8ffdf5896262
                                                                                                                                                                                                                                                                            • Instruction ID: c083e953ca77e7037dffe47f7a6b37e45f3133e8217f72e202ba3a11bdf8e61f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82a1a1d3a27d4707250773402e9a19911499a81c1499624d5d1d8ffdf5896262
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9D12FB5608340DFE324EF64E88176BBBA1FBD6304F45893DE5858B2A1D7788801CB5A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: "(#$4|B$s+1#
                                                                                                                                                                                                                                                                            • API String ID: 0-2048809014
                                                                                                                                                                                                                                                                            • Opcode ID: 3fb39753ed154bc668479c406a38b3078b1e3df08ea8581b38c1299cbf0c5694
                                                                                                                                                                                                                                                                            • Instruction ID: 56a35b1911a31526af167876963f3d146a08611a9c41bee41471f7625fa740ae
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fb39753ed154bc668479c406a38b3078b1e3df08ea8581b38c1299cbf0c5694
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03D169B190C3518FD714DF24D89175BBBE2EB85308F488A6DE5D547382D339E905CB8A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: "9$kL$OU
                                                                                                                                                                                                                                                                            • API String ID: 0-711883280
                                                                                                                                                                                                                                                                            • Opcode ID: 152ef1fb7de82e70364a09166566de1206cf56b509eac23a16b295d0b5438f61
                                                                                                                                                                                                                                                                            • Instruction ID: bc2349d6a2dd6fa9d9e13b2c951114910d08eb56f07a2238ee76d59a9345f12a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 152ef1fb7de82e70364a09166566de1206cf56b509eac23a16b295d0b5438f61
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B671CEB461C3E18BE3348F25958179BBFE1AFD6214F58896DC5C91B382C7790806CB97
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                            • String ID: A!]:
                                                                                                                                                                                                                                                                            • API String ID: 3664257935-4068095544
                                                                                                                                                                                                                                                                            • Opcode ID: ce2f52e87b503819c08a846f52649bb542460f4ed00e87a43fac56b1ad96870b
                                                                                                                                                                                                                                                                            • Instruction ID: 854bc25c615e3f6fc9dbe429a2392c4a63248de56b862ea031488afc5db9b9f8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce2f52e87b503819c08a846f52649bb542460f4ed00e87a43fac56b1ad96870b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A617876A083919BE320CF24CC91BABBBE1FFD2304F14882DE4C997292D73459058B96
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: AD$HA
                                                                                                                                                                                                                                                                            • API String ID: 0-3309148254
                                                                                                                                                                                                                                                                            • Opcode ID: 104d192b86fda74684dafde84d470f975b637a76e30f0d590dcdc83414d517a6
                                                                                                                                                                                                                                                                            • Instruction ID: c211f623592036d4c8a066339623761b9a3fc617e998b0c419ccf519b0101617
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 104d192b86fda74684dafde84d470f975b637a76e30f0d590dcdc83414d517a6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F129BB5204B01CFD3248F25E891797BBF1FF86314F518A2DE5AA8BAA0DB74A405CF44
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: "(#$s+1#
                                                                                                                                                                                                                                                                            • API String ID: 0-3207113266
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID:
• String ID: YimW$mUhS
• API String ID: 0-3297437401
APIs
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: Uninitialize
• String ID:
• API String ID: 3861434553-0
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID:
• String ID: #
• API String ID: 0-1443896768
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: f
• API String ID: 2994545307-1993550816
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID:
• String ID: KM
• API String ID: 0-2038479749
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID:
• String ID: -jjZ
• API String ID: 0-586210766
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID:
• String ID: gfff
• API String ID: 0-1553575800
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 9e4cfc4f9f4447e028daa0032cacd8c45ea3376fad514430bd7bcb87b22cb290
                                                                                                                                                                                                                                                                            • Instruction ID: 1d26dcd2aab60f7d2a3fc93cd1406aef67e7b1fc4f9a6d4ddb7869c3e4c25c11
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e4cfc4f9f4447e028daa0032cacd8c45ea3376fad514430bd7bcb87b22cb290
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F32175317082064BD72CDB58C89267FF7E9DBCE710F0AD56FD8829B291E6789844C3A5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                            • Opcode ID: 474ca2a97764db94f74f7d0a3106599533b94f1f5341fa8fa452e9a4c3b21f6a
                                                                                                                                                                                                                                                                            • Instruction ID: 574a74c8e2f4fa5e83b2f150908d99941e6526667442b443179790eb21de04d1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 474ca2a97764db94f74f7d0a3106599533b94f1f5341fa8fa452e9a4c3b21f6a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF31F734B05300BFE7208B24ED80B3BB7E5EB9A718F24662EE5C597291D234EC10C749
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                            • Opcode ID: ac1d0521527046818da34be9006db87116401b549f3c6cfc71cfb6860cbf1b6f
                                                                                                                                                                                                                                                                            • Instruction ID: f4e35e944ea9cd49fbe36f92a8b053d4734b0ca6b40ce3a5a456bc88b366cb0a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac1d0521527046818da34be9006db87116401b549f3c6cfc71cfb6860cbf1b6f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9921E73570D6309BD7189B25A850A3FB3A3FBE6320F9645AED48653750D2359C02CBAE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 255b2f6828a997e408e436578b8112c09f448b06031f2dc392ca2af83f1a459d
                                                                                                                                                                                                                                                                            • Instruction ID: 45087729575ad1356459eb95253fc9be0a6167ed9f1ecdc1dbbe0146bfcc3819
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 255b2f6828a997e408e436578b8112c09f448b06031f2dc392ca2af83f1a459d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34014736B552200FE3498E3CCC409673B939BDB621B0AE668C84057676C6345C068384
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                            • Instruction ID: 3b71c0b977de455cc40f22bdca7c91c0af693a7305cb31a3f34066a8c812e762
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6311EC336091D40EC3158D3C8400566BF930E97735F1993DAF4F5972D2D62A8E8A8359
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 506de8e726f951171c1ca46ea2cc05a419ed05bad5432931091bb6c93f397843
                                                                                                                                                                                                                                                                            • Instruction ID: 140f9d0889a5464b40f01d2c37ab5236dd2ca064b69ffe3d0e8a3ab79a2106e9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 506de8e726f951171c1ca46ea2cc05a419ed05bad5432931091bb6c93f397843
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA01B5F1B1131147E7209E11E4C072FB2A99FA4718F58443ED40857386DF7DFC098699
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: e65010d7278c663552bef2c56b84290a5eb172a2b015157275085d8bff45cf20
                                                                                                                                                                                                                                                                            • Instruction ID: f5a3d8c871d48dbe315db6e8f68186b97a133618d80e9f716d87a00223897ed1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e65010d7278c663552bef2c56b84290a5eb172a2b015157275085d8bff45cf20
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67112971A0803156DB10DA24A8112777391EB22344F9A04BFD8C6A73C1D62E9C41D69E
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e0c33b0e02fdbf4357b2eeec1dfe8085f021eb764875f3150e17ac9dee894866
• Instruction ID: bfc29c0e09d10012c37c0a88d5426590abe7b21d2592b5146b45ae13ad466d88
• Opcode Fuzzy Hash: e0c33b0e02fdbf4357b2eeec1dfe8085f021eb764875f3150e17ac9dee894866
• Instruction Fuzzy Hash: 2501D8757092309FC718AB55A88053F73A2E7AA714F54496ED4826B310C6759C41CB9F
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: AllocString
• String ID: '$($*$,$,$-$-$.$.$1$4$5$:$d
• API String ID: 2525500382-1252603568
• Opcode ID: c9c274257bacbde457e8fbe608dc9edb58bdb03f0db4b74fde15ae628ec9e76f
• Instruction ID: 44f3f0cc4296488830ba88384475dd896e07395ffbf7d56fec9c673006c5d5d1
• Opcode Fuzzy Hash: c9c274257bacbde457e8fbe608dc9edb58bdb03f0db4b74fde15ae628ec9e76f
• Instruction Fuzzy Hash: 9B61902011CBC2CDD362867C984864FAFD11BA7238F581B9DF1F04A3E6D6A9810AC767
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: AllocString
• String ID: '$*$,$,$-$-$.$.$1$4$5$:$d
• API String ID: 2525500382-2419733456
• Opcode ID: 12c3bba8531268f1b8994222492f9b69a04370e94d9342ebe5f49df1d5a66087
• Instruction ID: 3842334455cd8846db1550927becf81f8a6d56a1fbaf6594c4a687f18475b3c6
• Opcode Fuzzy Hash: 12c3bba8531268f1b8994222492f9b69a04370e94d9342ebe5f49df1d5a66087
• Instruction Fuzzy Hash: 0A81282010CBC2CED326D77C889864ABFE15BA7224F481B9DF5E14B3E6D2658506C767
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: 4$E$E$H$N$P$P$V$W$Z$Z$a
• API String ID: 2610073882-4227424645
• Opcode ID: 88b3d6849b3b2b55699d2a121768fbc305852a3aa98dbc37fee2afc3adf57601
• Instruction ID: f7c36d65b01b28c0a720741b5e2e02dba83b6d6c8f3042cd6f00843c56970d7f
• Opcode Fuzzy Hash: 88b3d6849b3b2b55699d2a121768fbc305852a3aa98dbc37fee2afc3adf57601
• Instruction Fuzzy Hash: CE41177110C7C28AD331DB38894979FBFE0AB96314F488A9DD1EC87392CA75450ACB57
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: InitVariant
• String ID: $$%$&$/$/$1$7$8$<$Y
• API String ID: 1927566239-1035285661
• Opcode ID: 0dd77bfa0c280c1d85ebbd67144c13b9b410ba9512263f8106c2c1a6535a63ae
• Instruction ID: 6337ec45e30d324e55f9f05e28ad4c9ddafac157a26d2665eeababdce996f2ac
• Opcode Fuzzy Hash: 0dd77bfa0c280c1d85ebbd67144c13b9b410ba9512263f8106c2c1a6535a63ae
• Instruction Fuzzy Hash: CC51277161C7C18ED335CB38885879BBEE16B96324F088A6DD4E98B3D2C7744505C797
APIs
• GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,0038EDDD,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 0038EE98
• __alloca_probe_16.LIBCMT ref: 0038EF53
• __alloca_probe_16.LIBCMT ref: 0038EFE2
• __freea.LIBCMT ref: 0038F02D
• __freea.LIBCMT ref: 0038F033
• __freea.LIBCMT ref: 0038F069
• __freea.LIBCMT ref: 0038F06F
• __freea.LIBCMT ref: 0038F07F
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: __freea$__alloca_probe_16$Info
• String ID:
• API String ID: 127012223-0
• Opcode ID: 154f8cf83201b0d7cc742ff23905c66617f4ea5a67c0c7a1d3f89306ef76ed39
• Instruction ID: 490c950fdb73ad1aee07e93b4ab66fc9ceff8248bd2893bae76cc9f650e71698
• Opcode Fuzzy Hash: 154f8cf83201b0d7cc742ff23905c66617f4ea5a67c0c7a1d3f89306ef76ed39
• Instruction Fuzzy Hash: 6471C8B2904309AFDF33BEA48C41BAF77B9AF45350F1A41E5F904AB282D7759C418761
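The dump file names in these records tell a reviewer where each function was found, and that is the security-relevant detail: the functions with the AllocString and Variant API IDs come from a dump of process 9 at 0x400000, while the CRT locale helpers (GetCPInfo, __alloca_probe_16, __freea) come from the image mapped at 0x360000. The following Python is an added example, not part of the Joe Sandbox report or its tooling. It decodes the numeric fields of an .sdmp name with the winnt.h memory constants and groups the function records by region, so a private PAGE_EXECUTE_READWRITE region that carries a PE (the usual footprint of an unpacked or injected payload) stands out from the image-backed code. The assumed field layout of the name (pid, run, dump id, base, protection, state, type, index) is this example's guess; only the protection and type values are decoded with documented Windows constants. The sample text is a constructed, shortened excerpt of the records above.

```python
import re

# winnt.h constants used to decode the assumed protection and type fields.
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
                0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}

# Assumed layout of a .sdmp name (an assumption of this example, not documented on the page):
#   <pid>.<run>.<dumpid>.<base>.<protect>.<state>.<type>.<index>.sdmp
SDMP_RE = re.compile(r"^([0-9A-F]{8})\.([0-9A-F]{8})\.(\d+)\.([0-9A-F]{16})\."
                     r"([0-9A-F]{8})\.([0-9A-F]{8})\.([0-9A-F]{8})\.([0-9A-F]{8})\.sdmp$", re.I)
# "GetCPInfo.KERNEL32(...)" and "__freea.LIBCMT ref: ..." both match <name>.<module>.
API_RE = re.compile(r"^([A-Za-z_]\w*)\.([A-Za-z0-9_]+)(?:\(|\s|$)")


def decode_sdmp(name):
    """Split an .sdmp name into pid/base and decode protection and memory type."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not an sdmp name: {name}")
    pid, _run, _dump, base, protect, _state, mtype, _idx = m.groups()
    protect, mtype = int(protect, 16), int(mtype, 16)
    return {
        "pid": int(pid, 16),
        "base": int(base, 16),
        "protect": PAGE_PROTECT.get(protect & 0xFF, hex(protect)),
        "type": MEM_TYPE.get(mtype, hex(mtype)),
        # Executable, non-image-backed memory is where unpacked/injected PE payloads live.
        "payload_candidate": mtype == 0x20000 and (protect & 0xFF) in EXECUTABLE,
    }


def parse_functions(report_text):
    """Walk the report text and return one dict per function record."""
    records, cur, section = [], {"apis": []}, None
    for raw in report_text.splitlines():
        line = raw.strip().lstrip("• ").strip()
        if not line:
            continue
        if line in ("APIs", "Strings", "Memory Dump Source", "Yara matches", "Similarity"):
            section = line
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                cur["apis"].append(f"{m.group(1)}.{m.group(2)}")
        elif line.startswith("Source File:"):
            cur["source"] = line.split(":", 1)[1].split(",")[0].strip()
        elif line.startswith("API ID:"):
            cur["api_id"] = line.split(":", 1)[1].strip()
        elif line.startswith("Instruction Fuzzy Hash:"):
            cur["ifh"] = line.split(":", 1)[1].strip()
            records.append(cur)  # the fuzzy hash is the last field of a record
            cur, section = {"apis": []}, None
    return records


def triage(report_text):
    """Group function records by dumped region, keyed by the region base address."""
    regions = {}
    for rec in parse_functions(report_text):
        info = decode_sdmp(rec["source"])
        entry = regions.setdefault(f"{info['base']:#x}", {**info, "functions": 0, "apis": set()})
        entry["functions"] += 1
        entry["apis"].update(rec["apis"])
    return regions


# Constructed sample: a shortened excerpt of two of the records above.
SAMPLE = """\
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AllocString
• Instruction Fuzzy Hash: 9B61902011CBC2CDD362867C984864FAFD11BA7238F581B9DF1F04A3E6D6A9810AC767
APIs
• GetCPInfo.KERNEL32(00000000,00000000), ref: 0038EE98
• __alloca_probe_16.LIBCMT ref: 0038EF53
• __freea.LIBCMT ref: 0038F02D
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
Similarity
• API ID: __freea$__alloca_probe_16$Info
• Instruction Fuzzy Hash: 6471C8B2904309AFDF33BEA48C41BAF77B9AF45350F1A41E5F904AB282D7759C418761
"""

if __name__ == "__main__":
    for base, r in triage(SAMPLE).items():
        flag = "PAYLOAD?" if r["payload_candidate"] else "image/benign-looking"
        print(f"{base}: {r['protect']} {r['type']} functions={r['functions']} "
              f"apis={sorted(r['apis'])} -> {flag}")
```

Run against the full text of a report, the grouping separates the functions recovered from the private RWX region (the ones worth carving and scanning) from the CRT and loader code in the image mapping; the name-field layout is an assumption, so confirm it against the Joe Sandbox memory dump listing before relying on it.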
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 003745F0
• __alloca_probe_16.LIBCMT ref: 0037461C
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0037465B
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00374678
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003746B7
• __alloca_probe_16.LIBCMT ref: 003746D4
• LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00374716
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00374739
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2040435927-0
                                                                                                                                                                                                                                                                            • Opcode ID: f7cb99bb1693f88c696c67cf24dee86c8a7c1a6493507d9349fe5bd5b6e7a33e
                                                                                                                                                                                                                                                                            • Instruction ID: 1ea3068dd2257b48447434e204891f759213555cec3eb1fb61323c7226efcaa5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f7cb99bb1693f88c696c67cf24dee86c8a7c1a6493507d9349fe5bd5b6e7a33e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3651E272600246AFEF364F64CC45FAB7BA9EF45740F168129F929EA190D738ED00CB60
APIs
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: _strrchr
• String ID:
• API String ID: 3213747228-0
• Opcode ID: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
• Instruction ID: 8254fc7ede93cdc816d746c9c412325d3b4edd1fdadb5dae9fdbd79bbdcd505c
• Opcode Fuzzy Hash: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
• Instruction Fuzzy Hash: 4DB17772A01355AFDB17AF68CC81BAE7BA5EF56B10F1541E5E804AF382D274DB01C7A0
APIs
• type_info::operator==.LIBVCRUNTIME ref: 0037FC43
• CallUnexpected.LIBVCRUNTIME ref: 0037FEBC
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: CallUnexpectedtype_info::operator==
• String ID: `#9$csm$csm$csm
• API String ID: 2673424686-492565039
• Opcode ID: 0940ef2abba5241a25e4feb2d148dbeb91bbffa00c726e9931527c4366cb6d8a
• Instruction ID: 0ef0c3ada1fc9d50432e95d1905feb6229ffa2009896f1d3177da6d54d8bae8a
• Opcode Fuzzy Hash: 0940ef2abba5241a25e4feb2d148dbeb91bbffa00c726e9931527c4366cb6d8a
• Instruction Fuzzy Hash: 74B17E75800209EFCF36DFA4C8819AEB7B5FF04310F11856AF8196B616D739DA51CBA1
APIs
• _ValidateLocalCookies.LIBCMT ref: 00375477
• ___except_validate_context_record.LIBVCRUNTIME ref: 0037547F
• _ValidateLocalCookies.LIBCMT ref: 00375508
• __IsNonwritableInCurrentImage.LIBCMT ref: 00375533
• _ValidateLocalCookies.LIBCMT ref: 00375588
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: d7b2a1579fc8b038a816ba1a224370d610d2197cf3e47dfc26425c17dab89f13
• Instruction ID: eea91f71214cb33bd45f4a33df487dcf433d41f277f5c2646413b9b898f7cd99
• Opcode Fuzzy Hash: d7b2a1579fc8b038a816ba1a224370d610d2197cf3e47dfc26425c17dab89f13
• Instruction Fuzzy Hash: 1B41F330A006089BCF2AEF69C884A9E7BB6AF05324F14C195E91D6F352D7B5DE45CF90
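Every function listed in the records above is statically linked MSVC runtime code rather than the sample's own logic: the LCMapStringEx/MultiByteToWideChar block is the CRT's locale string-mapping wrapper, the type_info::operator== / CallUnexpected function is the C++ exception frame handler (the `csm` string is the little-endian byte pattern of the MSVC C++ exception code 0xE06D7363), and the _ValidateLocalCookies / __IsNonwritableInCurrentImage function is the /GS-aware SEH handler. When reading a function-analysis dump of this size, the first triage step is to drop such runtime boilerplate and keep only functions whose API usage is sample-specific. The following script is an added example, not Joe Sandbox code and not code from the sample: it parses records in the format reproduced on this page and applies that filter. The set of runtime import-library labels beyond LIBCMT and LIBVCRUNTIME, and the classification heuristic itself, are assumptions of this example; the sample report is constructed by trimming three of the page's records.

```python
"""Triage helper for Joe Sandbox 'Function Analysis' records (added example,
not Joe Sandbox code): parse the per-function API listings shown on this page
and separate statically linked CRT/VC-runtime boilerplate from Win32 usage."""
import re
from dataclasses import dataclass, field

# Import-library labels the report gives statically linked MSVC runtime code.
# LIBCMT and LIBVCRUNTIME occur on this page; LIBCPMT/LIBCONCRT are assumed.
RUNTIME_MODULES = {"LIBCMT", "LIBVCRUNTIME", "LIBCPMT", "LIBCONCRT"}

# "• Name.MODULE(args), ref: ADDR"  or  "• Name.MODULE ref: ADDR"
API_LINE = re.compile(
    r"^•\s*(?P<name>[^.(]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<addr>[0-9A-Fa-f]{8})\s*$"
)
# "• Key: value" metadata lines (Opcode ID, API ID, String ID, Source File ...)
FIELD_LINE = re.compile(r"^•\s*(?P<key>[A-Za-z_ ]+?):\s*(?P<value>.*)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    addr: int

@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)

def parse_records(text: str) -> list:
    """One FunctionRecord per 'APIs' block; other headings are skipped."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
        elif current is not None and line.startswith("•"):
            m = API_LINE.match(line)
            if m:
                args = [a for a in (m.group("args") or "").split(",") if a]
                current.calls.append(ApiCall(m.group("name"), m.group("module"),
                                             args, int(m.group("addr"), 16)))
            elif (f := FIELD_LINE.match(line)):
                current.fields[f.group("key")] = f.group("value").strip()
    return records

def classify(rec: FunctionRecord) -> str:
    """Heuristic (assumed here): any call into a runtime import library marks
    the function as CRT code. Pure-Win32 runtime wrappers, like the SRW-lock
    mutex on this page, still pass, so 'win32' means 'review by hand'."""
    if not rec.calls:
        return "unknown"
    if any(c.module in RUNTIME_MODULES for c in rec.calls):
        return "runtime"
    return "win32"

def triage(text: str) -> list:
    """Summarise each record: truncated Opcode ID, class, modules, call names."""
    return [{"opcode_id": r.fields.get("Opcode ID", "")[:16],
             "class": classify(r),
             "modules": sorted({c.module for c in r.calls}),
             "calls": [c.name for c in r.calls]}
            for r in parse_records(text)]

def review_candidates(text: str) -> list:
    """Records that survive the runtime filter and deserve analyst time."""
    return [r for r in triage(text) if r["class"] == "win32"]

# Constructed sample: three records trimmed from the listings on this page.
SAMPLE_REPORT = """\
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 003745F0
• __alloca_probe_16.LIBCMT ref: 0037461C
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
Similarity
• API ID: ByteCharMultiStringWide$__alloca_probe_16
• String ID:
• Opcode ID: f7cb99bb1693f88c696c67cf24dee86c8a7c1a6493507d9349fe5bd5b6e7a33e
APIs
• type_info::operator==.LIBVCRUNTIME ref: 0037FC43
• CallUnexpected.LIBVCRUNTIME ref: 0037FEBC
Similarity
• String ID: `#9$csm$csm$csm
• Opcode ID: 0940ef2abba5241a25e4feb2d148dbeb91bbffa00c726e9931527c4366cb6d8a
APIs
• GetCurrentThreadId.KERNEL32 ref: 003738A2
• AcquireSRWLockExclusive.KERNEL32(?,?,0037386B), ref: 003738C1
• TryAcquireSRWLockExclusive.KERNEL32(?,?,0039D740), ref: 0037394A
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(row["class"], row["opcode_id"] or "-", ", ".join(row["calls"]))
```

Run against the full report text, `review_candidates` returns only functions that call Win32 without touching a runtime import library. The third sample record (GetCurrentThreadId plus Acquire/TryAcquireSRWLockExclusive) shows the heuristic's limit: that call pattern is consistent with the MSVC STL's recursive mutex implementation, yet it survives the filter because it references KERNEL32 only, so the `win32` class is a starting list for manual review, not a verdict.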
APIs
• GetCurrentThreadId.KERNEL32 ref: 003738A2
• AcquireSRWLockExclusive.KERNEL32(?,?,0037386B,?,00000000,?,0036B20C,000000FF,?,0036ABAC,?,?,?,?,0036AFAA), ref: 003738C1
• AcquireSRWLockExclusive.KERNEL32(?,?,0039D740,?,0037386B,?,00000000,?,0036B20C,000000FF,?,0036ABAC), ref: 003738EF
• TryAcquireSRWLockExclusive.KERNEL32(?,?,0039D740,?,0037386B,?,00000000,?,0036B20C,000000FF,?,0036ABAC), ref: 0037394A
• TryAcquireSRWLockExclusive.KERNEL32(?,?,0039D740,?,0037386B,?,00000000,?,0036B20C,000000FF,?,0036ABAC), ref: 00373961
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                                                            • String ID: k87
                                                                                                                                                                                                                                                                            • API String ID: 66001078-350348327
                                                                                                                                                                                                                                                                            • Opcode ID: 4eee5328e29a8997b94184188c29c31a8f7d0e0aac3ebb1f1753d30eef60f645
                                                                                                                                                                                                                                                                            • Instruction ID: ca34eab4a712d8afe08bda4e34832b46c88456c15e7f36790cef09f6232843ea
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4eee5328e29a8997b94184188c29c31a8f7d0e0aac3ebb1f1753d30eef60f645
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2416F31504A06DFCB32DF65C480BA9F3F8FF4A310B518A1AE64AD7540E778EA45EB51
APIs
• FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,00381508,003631F2,?,00000000,?), ref: 003814BA
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Opcode ID: 9170e09c8bdd91376c84b7ae4416657c331f3746575bba14eb3f0634fbef3193
• Instruction ID: 6ce23a82e104f594d1dd5a8c123a35e1d6ab3239994083963100092b6d2c1534
• Opcode Fuzzy Hash: 9170e09c8bdd91376c84b7ae4416657c331f3746575bba14eb3f0634fbef3193
• Instruction Fuzzy Hash: 1E212731A01311ABDB23AB66EC45A5A377C9B42374F370291E806E72D1E731ED02C7D0
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003747C1
• GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 003747CF
• GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 003747E0
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
• API String ID: 667068680-1047828073
• Opcode ID: 2d1cdfa811a9fc0fe9a79996e70e895e25a05898a06a086c5802df3fd6450e62
• Instruction ID: 0f52050422cccb7b90a2c88cfba0ce81d01725c9253c1f921ad4cf010e736645
• Opcode Fuzzy Hash: 2d1cdfa811a9fc0fe9a79996e70e895e25a05898a06a086c5802df3fd6450e62
• Instruction Fuzzy Hash: 8AD05E31625610AF8B039B70BC4D8853ABCAB073017020153F840D21A0EB7508008A96
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c1a563bf2227b9c97352592391597b582fed8e139a41b640e3685f80677c3a2a
• Instruction ID: dd438498bd606927daedfcc2be9dcf0d0d43b4d66ffc3f64f748fe65879b0d61
• Opcode Fuzzy Hash: c1a563bf2227b9c97352592391597b582fed8e139a41b640e3685f80677c3a2a
• Instruction Fuzzy Hash: B9B10470A04349AFDB17EFA8C885BBD7BB5BF4A304F1941DAE804AB292C7759D41CB50
APIs
• GetLastError.KERNEL32(?,?,0037F2A3,00374E61,003741CC), ref: 0037F2BA
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0037F2C8
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0037F2E1
• SetLastError.KERNEL32(00000000,0037F2A3,00374E61,003741CC), ref: 0037F333
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: eaa9707d4a71d0ed9ed988362f58d540714c507f197076d5e368eb2c2f29a95b
• Instruction ID: 9bc6318d8ba37566d8d11d2df5bef5a1e4b4421fc290f87205fb73a7cf355668
• Opcode Fuzzy Hash: eaa9707d4a71d0ed9ed988362f58d540714c507f197076d5e368eb2c2f29a95b
• Instruction Fuzzy Hash: 1001B13B21D7115EF63736B8BC8696B2A99FF06375B21423FF518491F2EF568C019240
APIs
• __EH_prolog3.LIBCMT ref: 00373296
• std::_Lockit::_Lockit.LIBCPMT ref: 003732A0
  • Part of subcall function 00364360: std::_Lockit::_Lockit.LIBCPMT ref: 0036438E
  • Part of subcall function 00364360: std::_Lockit::~_Lockit.LIBCPMT ref: 003643B9
• codecvt.LIBCPMT ref: 003732DA
• std::_Lockit::~_Lockit.LIBCPMT ref: 00373311
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
• String ID: X9
• API String ID: 3716348337-2150745001
• Opcode ID: 0bd462d56de08ee16046c0ed04b7f4c83747894f5d62b93b3c86cb833cf534d0
• Instruction ID: 4de0f959edd37300f8c7ae4c6daa099dee5487ec9d1cd1057998dd8290bd5656
• Opcode Fuzzy Hash: 0bd462d56de08ee16046c0ed04b7f4c83747894f5d62b93b3c86cb833cf534d0
• Instruction Fuzzy Hash: 0901D63AD002199BDB27EBA4D8056AD7775AF85720F248509F4196F291DF39DE00C781
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00390244,000000FF,?,0037A5FD,0037A4E4,?,0037A699,00000000), ref: 0037A571
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0037A583
• FreeLibrary.KERNEL32(00000000,?,?,00000000,00390244,000000FF,?,0037A5FD,0037A4E4,?,0037A699,00000000), ref: 0037A5A5
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 89dbd7abe0307d1e4fca2342e982320f261f39dac2be0770bdb655c0f2a8b714
• Instruction ID: 0dc77654bc30809e32894dabded088e824bbebdf189a1ee0fb98a74973b310ee
• Opcode Fuzzy Hash: 89dbd7abe0307d1e4fca2342e982320f261f39dac2be0770bdb655c0f2a8b714
• Instruction Fuzzy Hash: 4101A271A04A15AFCB139F50CC09FAEBBBCFB45B25F014626E815A22E0DB799900CE91
APIs
• __alloca_probe_16.LIBCMT ref: 00381C52
• __alloca_probe_16.LIBCMT ref: 00381D1B
• __freea.LIBCMT ref: 00381D82
  • Part of subcall function 003804C1: HeapAlloc.KERNEL32(00000000,?,?,?,0037119F,?,?,003631F2,00001000,?,0036313A), ref: 003804F3
• __freea.LIBCMT ref: 00381D95
• __freea.LIBCMT ref: 00381DA2
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: __freea$__alloca_probe_16$AllocHeap
• String ID:
• API String ID: 1096550386-0
• Opcode ID: fa7abb4a2505fa48615365dfde41a3e75079a2abbeeadd04158ddca4bd2bba8d
• Instruction ID: c5a6948c8ca248aaffc5be195ca1dcd080685f6f6c372dcd77c854e858bd87fa
• Opcode Fuzzy Hash: fa7abb4a2505fa48615365dfde41a3e75079a2abbeeadd04158ddca4bd2bba8d
• Instruction Fuzzy Hash: 4951C572600306AFEB26BF64CC81EBB7BADEF44710B1645A9FD08DA151EB34DC168760
APIs
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: CloseFileHandleSize
• String ID:
• API String ID: 3849164406-0
• Opcode ID: 32d4ca73b525966d7f48c60394fa3cf705b25f6f7e892b4c2c15ef117138a0a8
• Instruction ID: 80b510f36898ae1a22eae8aa9d677a5afb2d69fa66611fba3c3feb5356ff6549
• Opcode Fuzzy Hash: 32d4ca73b525966d7f48c60394fa3cf705b25f6f7e892b4c2c15ef117138a0a8
• Instruction Fuzzy Hash: 0C71BFB0D04248CFCB11EFA8D58879DBBF4BF48304F14852AE899AB345D735A945CF92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00371853
                                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0037185E
                                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003718CC
                                                                                                                                                                                                                                                                              • Part of subcall function 00371755: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0037176D
                                                                                                                                                                                                                                                                            • std::locale::_Setgloballocale.LIBCPMT ref: 00371879
                                                                                                                                                                                                                                                                            • _Yarn.LIBCPMT ref: 0037188F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1088826258-0
                                                                                                                                                                                                                                                                            • Opcode ID: cce93fb7f32fce5902a6430efe9f6024fc7e2909082391d491336037c74ece11
                                                                                                                                                                                                                                                                            • Instruction ID: 5473bc6cdecc1bc821b581f0724841bafe846a7a209bf8b49d5698fb4ac2cb25
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cce93fb7f32fce5902a6430efe9f6024fc7e2909082391d491336037c74ece11
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A701DF76A002109BCB2BEF28D84157C37B5BF85750B158549E8595B391EF3AAE42CB82
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0038AC9D,00000000,?,0039EFA0,?,?,?,0038ABD4,00000004,InitializeCriticalSectionEx,00394F0C,00394F14), ref: 0038AC0E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0038AC9D,00000000,?,0039EFA0,?,?,?,0038ABD4,00000004,InitializeCriticalSectionEx,00394F0C,00394F14,00000000,?,0038016C), ref: 0038AC18
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0038AC40
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                            • Opcode ID: 46f6c91373b9cf828b080491eba23b7b28a5b8e8cc45926956665d9de2f7478c
                                                                                                                                                                                                                                                                            • Instruction ID: bd90b3ee0349e14b046b91c8826f08ad67fe65a34d0e9a89f22a5ab24ed620aa
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46f6c91373b9cf828b080491eba23b7b28a5b8e8cc45926956665d9de2f7478c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DAE04F30380705BBFF222F61EC06F593E69AB10B42F164062F90DE80E1E766DD10878A
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(0039E448,00000004,?,0036917E,?,?,003690E8,?,00368F17), ref: 00371260
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(0039E448,?,0036917E,?,?,003690E8,?,00368F17), ref: 00371293
                                                                                                                                                                                                                                                                            • WakeAllConditionVariable.KERNEL32(0039E444,?,0036917E,?,?,003690E8,?,00368F17), ref: 0037129E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireConditionReleaseVariableWake
                                                                                                                                                                                                                                                                            • String ID: H9
                                                                                                                                                                                                                                                                            • API String ID: 1466638765-3771814955
                                                                                                                                                                                                                                                                            • Opcode ID: 5efc81d644edf42cfa12caf1fac3eb42c83f07753d48aff98cb5f189864b3c6b
                                                                                                                                                                                                                                                                            • Instruction ID: 7ccb40b3dd3f63ebf7a7ed7f0dacd96f896d542225dd108882aaf4b04e962bea
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5efc81d644edf42cfa12caf1fac3eb42c83f07753d48aff98cb5f189864b3c6b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61F03975605500DFC706EF69E84988477FCEB0D301F09412BF90983320DA766900CF92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 003883C9
                                                                                                                                                                                                                                                                              • Part of subcall function 003805D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00381D78,?,00000000,-00000008), ref: 00380632
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0038861B
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00388661
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00388704
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmpDownload File
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
• String ID:
• API String ID: 2112829910-0
• Opcode ID: f2e74b0b19af17e1b20de779aab753af232376edaad83d58a26ebbd9cadd02f4
• Instruction ID: c06599ade18d54acecd30c2bb7aade74658876793128e5fff8d4019fb3be3ded
• Opcode Fuzzy Hash: f2e74b0b19af17e1b20de779aab753af232376edaad83d58a26ebbd9cadd02f4
• Instruction Fuzzy Hash: A1D18975D002489FCF16DFA8C8809EDBBB9FF49314F6845AAE516EB351DB30A941CB50
APIs
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
• Opcode ID: 46c07ac6fb765db3a439c967ce0de1aa4fd9a6220d21aa8794e87967ae7f0b9b
• Instruction ID: 2bf793d2302544d09542ebf921b868eae563e726fcb9c4d9384af75fdc0e5a6b
• Opcode Fuzzy Hash: 46c07ac6fb765db3a439c967ce0de1aa4fd9a6220d21aa8794e87967ae7f0b9b
• Instruction Fuzzy Hash: 8051EE72A04202BFDB3B8F14D841BBAB3A4FF05710F15853DEA198B691D739AD80DB91
APIs
  • Part of subcall function 003805D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00381D78,?,00000000,-00000008), ref: 00380632
• GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 003861F6
• __dosmaperr.LIBCMT ref: 003861FD
• GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00386237
• __dosmaperr.LIBCMT ref: 0038623E
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$ByteCharMultiWide
• String ID:
• API String ID: 1913693674-0
• Opcode ID: e8b64da1515bff249c539d1751534fd14ae6a51eb1cf0f4c5597af68b0052130
• Instruction ID: 083ee13c3afd1a02b06a165bca678a656ae279b0a294a08c0113e35b9c37e361
• Opcode Fuzzy Hash: e8b64da1515bff249c539d1751534fd14ae6a51eb1cf0f4c5597af68b0052130
• Instruction Fuzzy Hash: 0421D471600705AFDB32BFA1CC8692AB7ADFF40364711899DF9299B602D735EC00CBA0
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2b37928a99174f42ab3ca7fce8737fd9fc7d8576619a71c3ab2e280079f66f1f
• Instruction ID: aaa69ceaa2b934d91e31f84ad8113c22179bb751f605857e913288b25fe4a03b
• Opcode Fuzzy Hash: 2b37928a99174f42ab3ca7fce8737fd9fc7d8576619a71c3ab2e280079f66f1f
• Instruction Fuzzy Hash: D0219575208605AFAB33AF718881D6A77ACBF40364715C929FC1DDB651D738EC009BE0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00387590
  • Part of subcall function 003805D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00381D78,?,00000000,-00000008), ref: 00380632
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003875C8
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003875E8
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• String ID:
• API String ID: 158306478-0
• Opcode ID: d0354011581f3192221827c9bf60ad90b47adf695e0243bf103b944d8769d444
• Instruction ID: 8867eed2baed7b0d8c6f4e5cc2350766964f992a4aef41a35ceb8ccc3467349d
• Opcode Fuzzy Hash: d0354011581f3192221827c9bf60ad90b47adf695e0243bf103b944d8769d444
• Instruction Fuzzy Hash: CE1144E1609B15BEA71733B65CC9C6F296DCF8A398B2104A5F901D6001FA68CD0147B5
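The function records above follow one fixed layout: an "APIs" list of call sites (with nested "Part of subcall function" entries), a "Memory Dump Source" block naming the .sdmp the function was lifted from, and a "Similarity" block with the Opcode ID and Instruction Fuzzy Hash. When an analyst wants to pivot across hundreds of these records (which functions touch CreateFileW, which are CRT plumbing like __dosmaperr and ___initconout), a parser is more practical than reading them by hand. The following parser is an added example, not code from the Joe Sandbox report or from Joe Security; the field names and bullet layout are taken from the records shown here, the split between LIBCMT helpers and other imports is my own heuristic based on the module column, and the sample input is constructed from entries on this page with their argument lists shortened.

```python
"""Parse the per-function "APIs" / "Memory Dump Source" / "Similarity" records that a
Joe Sandbox report prints for each disassembled function into structured objects, so
call sites can be indexed across functions and CRT helpers told apart from imports."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: three records in the shape the report uses above;
# argument lists are shortened, addresses and hashes are the page's own values.
SAMPLE = """\
APIs
  • Part of subcall function 003805D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000), ref: 00380632
• GetLastError.KERNEL32(00000000,?,?,00000000), ref: 003861F6
• __dosmaperr.LIBCMT ref: 003861FD
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
Similarity
• API ID: ErrorLast__dosmaperr$ByteCharMultiWide
• String ID:
• Opcode ID: e8b64da1515bff249c539d1751534fd14ae6a51eb1cf0f4c5597af68b0052130
• Instruction Fuzzy Hash: 0421D471600705AFDB32BFA1CC8692AB7ADFF40364711899DF9299B602D735EC00CBA0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00387590
  • Part of subcall function 003805D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000), ref: 00380632
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003875C8
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003875E8
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• Opcode ID: d0354011581f3192221827c9bf60ad90b47adf695e0243bf103b944d8769d444
APIs
• WriteConsoleW.KERNEL32(00000000,?,?,00000000), ref: 0038F0C7
  • Part of subcall function 0038F124: CloseHandle.KERNEL32(FFFFFFFE,0038F0E3), ref: 0038F134
• ___initconout.LIBCMT ref: 0038F0E3
  • Part of subcall function 0038F105: CreateFileW.KERNEL32(CONOUT$,40000000,00000003), ref: 0038F118
• WriteConsoleW.KERNEL32(00000000,?,?,00000000), ref: 0038F0F8
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
"""

# One call-site line: optional "Part of subcall function <addr>:", then Name.MODULE(args), ref: addr
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
SOURCE_LINE = re.compile(r"Source File:\s*(?P<file>\S+?),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+)")
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<value>.*?)\s*$")
RUNTIME_MODULES = {"LIBCMT"}  # assumption: LIBCMT entries are statically linked CRT helpers


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                    # call-site address as printed in the report
    subcall_of: Optional[str]   # parent function when listed as "Part of subcall function"


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    source_file: Optional[str] = None
    offset: Optional[str] = None
    api_id: Optional[str] = None
    opcode_id: Optional[str] = None
    fuzzy_hash: Optional[str] = None


def parse_records(text: str) -> List[FunctionRecord]:
    """Walk the report text line by line; a record starts at an "APIs" header, or at a
    "Memory Dump Source" header when the previous record already has its source file
    (functions with no API calls are printed without an "APIs" section)."""
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if stripped == "Memory Dump Source":
            if current is None or current.source_file is not None:
                current = FunctionRecord()
                records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw else []
            current.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                        m.group("ref").upper(), m.group("parent")))
            continue
        m = SOURCE_LINE.search(line)
        if m:
            current.source_file = m.group("file")
            current.offset = m.group("offset").upper()
            continue
        m = FIELD_LINE.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if key == "API ID":
                current.api_id = value or None
            elif key == "Opcode ID":
                current.opcode_id = value
            elif key == "Instruction Fuzzy Hash":
                current.fuzzy_hash = value
    return records


def index_by_api(records: List[FunctionRecord]) -> Dict[str, List[str]]:
    """API name -> sorted, de-duplicated call-site addresses across all records."""
    idx: Dict[str, List[str]] = {}
    for rec in records:
        for call in rec.apis:
            idx.setdefault(call.name, []).append(call.ref)
    return {name: sorted(set(refs)) for name, refs in idx.items()}


def runtime_calls(rec: FunctionRecord) -> List[str]:
    """Names of CRT helper calls (LIBCMT) in the record, in report order."""
    return [c.name for c in rec.apis if c.module in RUNTIME_MODULES]


def external_calls(rec: FunctionRecord) -> List[ApiCall]:
    """Calls into real imports (anything not flagged as a CRT helper), in report order."""
    return [c for c in rec.apis if c.module not in RUNTIME_MODULES]


def records_calling(records: List[FunctionRecord], api_name: str) -> List[FunctionRecord]:
    """Records whose API list (including subcall entries) contains api_name."""
    return [r for r in records if any(c.name == api_name for c in r.apis)]


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.offset, rec.api_id, [c.name for c in external_calls(rec)], runtime_calls(rec))
```

Run on a full report, the index answers questions such as "which functions call CreateFileW" without scrolling; records whose only non-subcall entries are LIBCMT helpers (here the `__dosmaperr` and `___initconout` wrappers) are CRT plumbing and can be deprioritised in favour of functions that call the Windows API directly.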
APIs
• WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,0038E59F,00000000,00000001,?,?,?,00388758,?,00000000,00000000), ref: 0038F0C7
• GetLastError.KERNEL32(?,0038E59F,00000000,00000001,?,?,?,00388758,?,00000000,00000000,?,?,?,0038809E,?), ref: 0038F0D3
  • Part of subcall function 0038F124: CloseHandle.KERNEL32(FFFFFFFE,0038F0E3,?,0038E59F,00000000,00000001,?,?,?,00388758,?,00000000,00000000,?,?), ref: 0038F134
• ___initconout.LIBCMT ref: 0038F0E3
  • Part of subcall function 0038F105: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0038F0A1,0038E58C,?,?,00388758,?,00000000,00000000,?), ref: 0038F118
• WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,0038E59F,00000000,00000001,?,?,?,00388758,?,00000000,00000000,?), ref: 0038F0F8
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
APIs
• GetSystemTimeAsFileTime.KERNEL32(?), ref: 00374C22
• GetCurrentThreadId.KERNEL32 ref: 00374C31
• GetCurrentProcessId.KERNEL32 ref: 00374C3A
• QueryPerformanceCounter.KERNEL32(?), ref: 00374C47
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
Similarity
• API ID: _strcspn
• String ID: @
• API String ID: 3709121408-2766056989
APIs
  • Part of subcall function 00380713: GetLastError.KERNEL32(00000000,?,00382A49), ref: 00380717
  • Part of subcall function 00380713: SetLastError.KERNEL32(00000000,?,?,00000028,0037D2C9), ref: 003807B9
• GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,0037AB4D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00384E31
• IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,0037AB4D,?,?,?,00000055,?,-00000050,?,?), ref: 00384E68
Similarity
• API ID: ErrorLast$CodePageValid
• String ID: utf8
• API String ID: 943130320-905460609
APIs
• EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0037FE49,?,?,00000000,00000000,00000000,?), ref: 0037FF6D
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                                                                            • API String ID: 2118026453-2084237596
APIs
• ___except_validate_context_record.LIBVCRUNTIME ref: 0037FA2B
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ___except_validate_context_record
• String ID: csm$csm
• API String ID: 3493665558-3733052814
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137726168.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_EUCyhuW.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
APIs
• __alloca_probe_16.LIBCMT ref: 0037200A
• RaiseException.KERNEL32(?,?,?,?), ref: 0037202F
  • Part of subcall function 00374D23: RaiseException.KERNEL32(E06D7363,00000001,00000003,00373ADE,?,?,?,?,00373ADE,00001000,0039AE2C,00001000), ref: 00374D84
  • Part of subcall function 0037D2B9: IsProcessorFeaturePresent.KERNEL32(00000017,00377E7B,?,?,?,?,00000000), ref: 0037D2D5
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
• String ID: csm
• API String ID: 1924019822-1018135373
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: Yarn
• String ID: =n9
• API String ID: 1767336200-2005492208
APIs
• AcquireSRWLockExclusive.KERNEL32(0039E448,00000000,00000004,?,00369155,?,?,003690E8,?,00368F17), ref: 00371212
• ReleaseSRWLockExclusive.KERNEL32(0039E448,?,00369155,?,?,003690E8,?,00368F17), ref: 0037124C
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: ExclusiveLock$AcquireRelease
• String ID: H9
• API String ID: 17069307-3771814955
• Opcode ID: fd455b890eb8733a9be09849789b81396f3f52df31c145d3fd2bc450b5596ae8
• Instruction ID: 0ecb2f09589cf2edd878408b586dd3dbff73cc510e4b93678d3d52eddfb43d4f
• Opcode Fuzzy Hash: fd455b890eb8733a9be09849789b81396f3f52df31c145d3fd2bc450b5596ae8
• Instruction Fuzzy Hash: 73F08236600004DBC722EF19E844A68B7B8EB46331F16862EEC59832A1C7391842CA52
APIs
• GetModuleHandleExW.KERNEL32(00000002,00000000,6,?,?,003719BC,?,?,0037198D,?,?,?,0036E1E1), ref: 00371A05
Strings
Memory Dump Source
• Source File: 00000009.00000002.3137587772.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000009.00000002.3137555622.0000000000360000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137615903.0000000000391000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137635842.000000000039C000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137654977.00000000003A1000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137674171.00000000003A4000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000009.00000002.3137707534.00000000003ED000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_360000_EUCyhuW.jbxd
Similarity
• API ID: HandleModule
• String ID: MZx$6
• API String ID: 4139908857-3334924336
• Opcode ID: 1f00063df124b7dc65b27a93039e6f7525528a88d0aa4f304e1ae1fb0a1c39e3
• Instruction ID: 6032582f8229ef9e22a8d3c04c9f094ba5dce90644fe5944f4373f9ac2fe500f
• Opcode Fuzzy Hash: 1f00063df124b7dc65b27a93039e6f7525528a88d0aa4f304e1ae1fb0a1c39e3
• Instruction Fuzzy Hash: 61D02B32700204F6DB2287548D0BF9EB2EC8B40785F1080559102D50C0C2B0CB40D150